The Samba-Bugzilla – Attachment 1224 Details for
Bug 2704
Adding local group using 'net rpc group add -L' fails
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Log file from target samba server.
merlin.log (text/plain), 148.09 KB, created by
John H Terpstra (mail address dead(
on 2005-05-12 13:43:43 UTC
(
hide
)
Description:
Log file from target samba server.
Filename:
MIME Type:
Creator:
John H Terpstra (mail address dead(
Created:
2005-05-12 13:43:43 UTC
Size:
148.09 KB
patch
obsolete
>[2005/05/12 14:36:57, 6] param/loadparm.c:lp_file_list_changed(2758) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu May 12 14:02:39 2005 > >[2005/05/12 14:36:57, 4] lib/username.c:map_username(132) > Scanning username map /etc/samba/smbusers >[2005/05/12 14:36:57, 10] lib/username.c:user_in_list(529) > user_in_list: checking user root in list >[2005/05/12 14:36:57, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |root| against |administrator| >[2005/05/12 14:36:57, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |root| against |admin| >[2005/05/12 14:36:57, 5] auth/auth_util.c:make_user_info_map(219) > make_user_info_map: Mapping user [MIDEARTH]\[root] from workstation [MERLIN] >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] auth/auth_util.c:is_trusted_domain(1555) > is_trusted_domain: Checking for domain trust with [MIDEARTH] >[2005/05/12 14:36:57, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(325) > secrets_fetch failed! >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 10] lib/gencache.c:gencache_get(285) > Cache entry with key = TDOM/MIDEARTH couldn't be found >[2005/05/12 14:36:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain MIDEARTH found. >[2005/05/12 14:36:57, 5] auth/auth_util.c:make_user_info(127) > attempting to make a user_info for root (root) >[2005/05/12 14:36:57, 5] auth/auth_util.c:make_user_info(137) > making strings for root's user_info struct >[2005/05/12 14:36:57, 5] auth/auth_util.c:make_user_info(179) > making blobs for root's user_info struct >[2005/05/12 14:36:57, 10] auth/auth_util.c:make_user_info(195) > made an encrypted user_info for root (root) >[2005/05/12 14:36:57, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user [MIDEARTH]\[root]@[MERLIN] with the new password interface >[2005/05/12 14:36:57, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [MIDEARTH]\[root]@[MERLIN] >[2005/05/12 14:36:57, 10] auth/auth.c:check_ntlm_password(231) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2005/05/12 14:36:57, 10] auth/auth.c:check_ntlm_password(233) > challenge is: >[2005/05/12 14:36:57, 5] lib/util.c:dump_data(2013) > [000] 13 FB 5E 76 61 ED 4B 47 ..^va.KG >[2005/05/12 14:36:57, 10] auth/auth.c:check_ntlm_password(259) > check_ntlm_password: guest had nothing to say >[2005/05/12 14:36:57, 8] lib/util.c:is_myname(1834) > is_myname("MIDEARTH") returns 0 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2005/05/12 14:36:57, 5] lib/smbldap.c:smbldap_close(951) > The connection to the LDAP server was closed >[2005/05/12 14:36:57, 10] lib/smbldap.c:smbldap_open_connection(596) > smbldap_open_connection: ldap://merlin.terpstra-world.org >[2005/05/12 14:36:57, 2] lib/smbldap.c:smbldap_open_connection(692) > smbldap_open_connection: connection opened >[2005/05/12 14:36:57, 10] lib/smbldap.c:smbldap_connect_system(824) > ldap_connect_system: Binding to ldap server ldap://merlin.terpstra-world.org as "cn=Manager,dc=terpstra-world,dc=org" >[2005/05/12 14:36:57, 3] lib/smbldap.c:smbldap_connect_system(867) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2005/05/12 14:36:57, 4] lib/smbldap.c:smbldap_open(931) > The LDAP server is succesfully connected >[2005/05/12 14:36:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: root >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username root, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username root, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-500 >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-500 >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-512 >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-512 >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name System Boss Man, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\root, was >[2005/05/12 14:36:57, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\root, was >[2005/05/12 14:36:57, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/05/12 14:36:57, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/05/12 14:36:57, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:36:57, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/05/12 14:36:57, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/05/12 14:36:57, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/05/12 14:36:57, 5] passdb/login_cache.c:login_cache_init(41) > Opening cache file at /var/lib/samba/login_cache.tdb >[2005/05/12 14:36:57, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user root >[2005/05/12 14:36:57, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/05/12 14:36:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) > No cache entry, bad count = 0, bad time = 0 >[2005/05/12 14:36:57, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username root, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username root, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name System Boss Man, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\root, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\root, was >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/05/12 14:36:57, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-500 >[2005/05/12 14:36:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-500 from rid 500 >[2005/05/12 14:36:57, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-512 >[2005/05/12 14:36:57, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-512 from rid 512 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 9] passdb/passdb.c:pdb_update_autolock_flag(2350) > pdb_update_autolock_flag: Account root not autolocked, no check needed >[2005/05/12 14:36:57, 4] libsmb/ntlm_check.c:ntlm_password_check(326) > ntlm_password_check: Checking NT MD4 password >[2005/05/12 14:36:57, 4] auth/auth_sam.c:sam_account_ok(120) > sam_account_ok: Checking SMB password for user root >[2005/05/12 14:36:57, 5] auth/auth_sam.c:logon_hours_ok(102) > logon_hours_ok: user root allowed to logon at this time (Thu May 12 14:36:57 2005 > ) >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 10] lib/system_smbd.c:sys_getgrouplist(116) > sys_getgrouplist: user [root] >[2005/05/12 14:36:57, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist(): disabled winbindd for group lookup [user == root] >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/05/12 14:36:57, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 8] lib/util_getent.c:remove_duplicate_gids(330) > remove_duplicate_gids: Enter 4 gids >[2005/05/12 14:36:57, 8] lib/util_getent.c:remove_duplicate_gids(348) > remove_duplicate_gids: Exit 3 gids >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/05/12 14:36:57, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] >[2005/05/12 14:36:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2107) > ldapsam_getgroup: Did not find group >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 10] passdb/passdb.c:local_gid_to_sid(1267) > local_gid_to_sid: Fall back to algorithmic mapping: 0 -> S-0-0 >[2005/05/12 14:36:57, 8] passdb/passdb.c:algorithmic_gid_to_sid(1233) > algorithmic_gid_to_sid: falling back to RID algorithm >[2005/05/12 14:36:57, 10] passdb/passdb.c:algorithmic_gid_to_sid(1237) > algorithmic_gid_to_sid: gid (0) -> SID S-1-5-21-726309263-4128913605-1168186429-1001. >[2005/05/12 14:36:57, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 0 -> S-1-5-21-726309263-4128913605-1168186429-1001 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/05/12 14:36:57, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=64))], scope => [2] >[2005/05/12 14:36:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2107) > ldapsam_getgroup: Did not find group >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 10] passdb/passdb.c:local_gid_to_sid(1267) > local_gid_to_sid: Fall back to algorithmic mapping: 64 -> S-0-0 >[2005/05/12 14:36:57, 8] passdb/passdb.c:algorithmic_gid_to_sid(1233) > algorithmic_gid_to_sid: falling back to RID algorithm >[2005/05/12 14:36:57, 10] passdb/passdb.c:algorithmic_gid_to_sid(1237) > algorithmic_gid_to_sid: gid (64) -> SID S-1-5-21-726309263-4128913605-1168186429-1129. >[2005/05/12 14:36:57, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 64 -> S-1-5-21-726309263-4128913605-1168186429-1129 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/05/12 14:36:57, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=512))], scope => [2] >[2005/05/12 14:36:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) > init_group_from_ldap: Entry found for group: 512 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (512) -> SID S-1-5-21-726309263-4128913605-1168186429-512. >[2005/05/12 14:36:57, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 512 -> S-1-5-21-726309263-4128913605-1168186429-512 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 3] lib/privileges.c:get_privileges(254) > get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-500] >[2005/05/12 14:36:57, 5] lib/privileges.c:get_privileges_for_sids(446) > get_privileges_for_sids: sid = S-1-5-21-726309263-4128913605-1168186429-512 > Privilege set: > SE_PRIV 0x1f0 0x0 0x0 0x0 >[2005/05/12 14:36:57, 5] lib/privileges.c:get_privileges_for_sids(446) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/05/12 14:36:57, 3] lib/privileges.c:get_privileges(254) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2005/05/12 14:36:57, 3] lib/privileges.c:get_privileges(254) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2005/05/12 14:36:57, 3] lib/privileges.c:get_privileges(254) > get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-1001] >[2005/05/12 14:36:57, 3] lib/privileges.c:get_privileges(254) > get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-1129] >[2005/05/12 14:36:57, 10] auth/auth_util.c:debug_nt_user_token(485) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-500 > contains 7 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-500 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-1001 > SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-1129 > SE_PRIV 0x1f0 0x0 0x0 0x0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:make_server_info_sam(857) > make_server_info_sam: made server info for user root -> root >[2005/05/12 14:36:57, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: sam authentication for user [root] succeeded >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 5] auth/auth.c:check_ntlm_password(292) > check_ntlm_password: PAM Account for user [root] succeeded >[2005/05/12 14:36:57, 2] auth/auth.c:check_ntlm_password(305) > check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded >[2005/05/12 14:36:57, 5] auth/auth_util.c:free_user_info(1375) > attempting to free (and zero) a user_info structure >[2005/05/12 14:36:57, 10] auth/auth_util.c:free_user_info(1378) > structure was created for root >[2005/05/12 14:36:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(117) > Got NT session key of length 16 >[2005/05/12 14:36:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(123) > Got LM session key of length 16 >[2005/05/12 14:36:57, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(669) > ntlmssp_server_auth: Created NTLM2 session key. >[2005/05/12 14:36:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) > NTLMSSP Sign/Seal - Initialising with flags: >[2005/05/12 14:36:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60080215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2005/05/12 14:36:57, 10] smbd/password.c:register_vuid(158) > register_vuid: allocated vuid = 100 >[2005/05/12 14:36:57, 10] lib/util_pw.c:getpwnam_alloc(98) > Got root from pwnam_cache >[2005/05/12 14:36:57, 10] smbd/password.c:register_vuid(220) > register_vuid: (0,0) root root MIDEARTH guest=0 >[2005/05/12 14:36:57, 3] smbd/password.c:register_vuid(222) > User name: root Real name: System Boss Man >[2005/05/12 14:36:57, 3] smbd/password.c:register_vuid(241) > UNIX uid 0 is UNIX user root, and will be vuid 100 >[2005/05/12 14:36:57, 7] param/loadparm.c:lp_servicenumber(4113) > lp_servicenumber: couldn't find root >[2005/05/12 14:36:57, 3] smbd/password.c:register_vuid(270) > Adding homes service for user 'root' using home directory: '/root' >[2005/05/12 14:36:57, 8] param/loadparm.c:add_a_service(2370) > add_a_service: Creating snum = 13 for root >[2005/05/12 14:36:57, 3] param/loadparm.c:lp_add_home(2411) > adding home's share [root] for user 'root' at '/data/users/%U/Documents' >[2005/05/12 14:36:57, 6] param/loadparm.c:lp_file_list_changed(2758) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu May 12 14:02:39 2005 > >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,170) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,170) wrote 170 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 76 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x4c >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 3 of length 80 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=76 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=9839 > smb_uid=100 > smb_mid=4 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=33 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 5C 00 4D 00 45 00 52 00 4C 00 49 00 4E .\.\.M.E .R.L.I.N > [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 49 50 43 .\.I.P.C .$...IPC > [020] 00 . >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBtconX (pid 9840) conn 0x0 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/05/12 14:36:57, 4] smbd/reply.c:reply_tcon_and_X(610) > Client requested device type [IPC] for share [IPC$] >[2005/05/12 14:36:57, 5] smbd/service.c:make_connection(806) > making a connection to 'normal' service ipc$ >[2005/05/12 14:36:57, 5] lib/username.c:Get_Pwnam(293) > Finding user root >[2005/05/12 14:36:57, 5] lib/username.c:Get_Pwnam_internals(223) > Trying _Get_Pwnam(), username as lowercase is root >[2005/05/12 14:36:57, 10] lib/util_pw.c:getpwnam_alloc(98) > Got root from pwnam_cache >[2005/05/12 14:36:57, 5] lib/username.c:Get_Pwnam_internals(251) > Get_Pwnam_internals did find user [root]! >[2005/05/12 14:36:57, 3] smbd/service.c:make_connection_snum(476) > Connect path is '/tmp' for service [IPC$] >[2005/05/12 14:36:57, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2005/05/12 14:36:57, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/05/12 14:36:57, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000002, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/05/12 14:36:57, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:36:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2005/05/12 14:36:57, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. >[2005/05/12 14:36:57, 3] smbd/vfs.c:vfs_init_default(206) > Initialising default vfs hooks >[2005/05/12 14:36:57, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2005/05/12 14:36:57, 10] smbd/uid.c:is_share_read_only_for_user(122) > is_share_read_only_for_user: share IPC$ is read-only for unix user root >[2005/05/12 14:36:57, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2005/05/12 14:36:57, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/05/12 14:36:57, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/05/12 14:36:57, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:36:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2005/05/12 14:36:57, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-500 > contains 7 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-500 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-1001 > SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-1129 > SE_PRIV 0x1f0 0x0 0x0 0x0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 3 supplementary groups > Group[ 0]: 0 > Group[ 1]: 64 > Group[ 2]: 512 >[2005/05/12 14:36:57, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(0,0) gid=(0,0) >[2005/05/12 14:36:57, 3] smbd/service.c:make_connection_snum(640) > merlin (192.168.1.4) connect to service IPC$ initially as user root (uid=0, gid=0) (pid 9840) >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/05/12 14:36:57, 3] smbd/reply.c:reply_tcon_and_X(658) > tconX service=IPC$ >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=4 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 49 50 43 00 00 00 00 IPC.... >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,52) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,52) wrote 52 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 100 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x64 >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 4 of length 104 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=5 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=17 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 18 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBntcreateX (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-500 > contains 7 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-500 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-1001 > SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-1129 > SE_PRIV 0x1f0 0x0 0x0 0x0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 3 supplementary groups > Group[ 0]: 0 > Group[ 1]: 64 > Group[ 2]: 512 >[2005/05/12 14:36:57, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(0,0) gid=(0,0) >[2005/05/12 14:36:57, 4] smbd/vfs.c:vfs_ChDir(662) > vfs_ChDir to /tmp >[2005/05/12 14:36:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) > reply_ntcreateX: flags = 0x0, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2005/05/12 14:36:57, 4] smbd/nttrans.c:nt_open_pipe(512) > nt_open_pipe: Opening pipe \lsarpc. >[2005/05/12 14:36:57, 3] smbd/nttrans.c:nt_open_pipe(529) > nt_open_pipe: Known pipe lsarpc opening. >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested lsarpc (pipes_open=0) >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested lsarpc >[2005/05/12 14:36:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2005/05/12 14:36:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe lsarpc (pipes_open=0) >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe lsarpc with handle 7019 (pipes_open=1) >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name lsarpc pnum=7019 >[2005/05/12 14:36:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 6400 (0x1900) > smb_vwv[ 3]= 368 (0x170) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,107) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,107) wrote 107 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 154 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x9a >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 5 of length 158 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28697 (0x7019) > smb_bcc=87 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2005/05/12 14:36:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:36:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:36:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7019 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7019 (pipes_open=1) >[2005/05/12 14:36:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7019) >[2005/05/12 14:36:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b6dd8 max_trans_reply: 1024 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7019 name: lsarpc open: Yes len: 72 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 72 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0b >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0048 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 11 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) > api_pipe_bind_req: decode request. 879 >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_elements: 00000001 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000c context_id : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000e num_syntaxes: 01 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/05/12 14:36:57, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 data : 12345778 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 data : 1234 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0016 data : abcd >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0018 data : ef 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 001a data : 01 23 45 67 89 ab >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 version: 00000000 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/05/12 14:36:57, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 data : 8a885d04 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0028 data : 1ceb >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002a data : 11c9 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002c data : 9f e8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002e data : 08 00 2b 10 48 60 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 version: 00000002 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) > api_pipe_bind_req: make response. 1020 >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe.c:check_bind_req(764) > check_bind_req for \PIPE\lsarpc >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 000053f0 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 len: 000c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000a str: \PIPE\lsass. >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0018 num_results: 01 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001c result : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001e reason : 0000 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/05/12 14:36:57, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 data : 8a885d04 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 data : 1ceb >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 data : 11c9 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0028 data : 9f e8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002a data : 08 00 2b 10 48 60 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 version: 00000002 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0044 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 56 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7019 name: lsarpc len: 1024 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/05/12 14:36:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,128) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,128) wrote 128 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 142 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x8e >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 6 of length 146 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=142 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28697 (0x7019) > smb_bcc=75 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 00 2C .......< ......., > [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 00 00 00 00 00 00 00 02 ........ ... >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=60 params=0 setup=2 >[2005/05/12 14:36:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:36:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:36:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7019 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7019 (pipes_open=1) >[2005/05/12 14:36:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7019) >[2005/05/12 14:36:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b6dd8 max_trans_reply: 4280 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7019 name: lsarpc open: Yes len: 60 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 003c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000002 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 44, incoming data = 44 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000002c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0006 >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 22 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[1].fn == 0x8123e45 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_open_pol >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr : 00000001 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 system_name: 005c >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 lsa_io_obj_attr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 len : 00000018 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c ptr_root_dir: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 ptr_obj_name: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 attributes : 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 ptr_sec_desc: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c ptr_sec_qos : 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 des_access: 02000000 >[2005/05/12 14:36:57, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/05/12 14:36:57, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:36:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 >[2005/05/12 14:36:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 69 BE 83 42 ........ ....i..B > [010] 70 26 00 00 p&.. >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_open_pol >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000001 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 69 be 83 42 70 26 00 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 800 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 44 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7019 name: lsarpc len: 4280 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000002 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:36:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 69 BE 83 42 70 26 00 00 00 00 00 .....i.. Bp&..... > [030] 00 . >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 128 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x80 >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 7 of length 132 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28697 (0x7019) > smb_bcc=61 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 1E ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 01 00 00 00 00 ........ ........ > [030] 00 00 00 69 BE 83 42 70 26 00 00 05 00 ...i..Bp &.... >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/05/12 14:36:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:36:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:36:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7019 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7019 (pipes_open=1) >[2005/05/12 14:36:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7019) >[2005/05/12 14:36:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b6dd8 max_trans_reply: 4280 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7019 name: lsarpc open: Yes len: 46 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 46 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002e >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000003 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000001e >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[2].fn == 0x8124081 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000001 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 69 be 83 42 70 26 00 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 info_class: 0005 >[2005/05/12 14:36:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 69 BE 83 42 ........ ....i..B > [010] 70 26 00 00 p&.. >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 undoc_buffer: 22000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 info_class: 0005 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 lsa_io_dom_query >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 uni_dom_max_len: 0010 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a uni_dom_str_len: 0012 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c buffer_dom_name: 00000001 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 buffer_dom_sid : 00000001 >[2005/05/12 14:36:57, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unistr2 unistr2 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 uni_max_len: 00000009 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 offset : 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_str_len: 00000008 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0020 buffer : M.I.D.E.A.R.T.H. >[2005/05/12 14:36:57, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000030 smb_io_dom_sid2 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 num_auths: 00000004 >[2005/05/12 14:36:57, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000034 smb_io_dom_sid sid >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0034 sid_rev_num: 01 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0035 num_auths : 04 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0036 id_auth[0] : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0037 id_auth[1] : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0038 id_auth[2] : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0039 id_auth[3] : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003a id_auth[4] : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003b id_auth[5] : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 004c status: NT_STATUS_OK >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 18 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 30 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7019 name: lsarpc len: 4280 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0068 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000003 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000050 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:36:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... > [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ > [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E > [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ > [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. > [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,164) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,164) wrote 164 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 126 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x7e >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 8 of length 130 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28697 (0x7019) > smb_bcc=59 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 1C ......., ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ........ ........ > [030] 00 00 00 69 BE 83 42 70 26 00 00 ...i..Bp &.. >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/05/12 14:36:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:36:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:36:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7019 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7019 (pipes_open=1) >[2005/05/12 14:36:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7019) >[2005/05/12 14:36:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b6dd8 max_trans_reply: 4280 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7019 name: lsarpc open: Yes len: 44 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000004 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000001c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0000 >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[4].fn == 0x8124502 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_close >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000001 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 69 be 83 42 70 26 00 00 >[2005/05/12 14:36:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 69 BE 83 42 ........ ....i..B > [010] 70 26 00 00 p&.. >[2005/05/12 14:36:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 69 BE 83 42 ........ ....i..B > [010] 70 26 00 00 p&.. >[2005/05/12 14:36:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_close >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7019 name: lsarpc len: 4280 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000004 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:36:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 41 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x29 >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 9 of length 45 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=10 > smt_wct=3 > smb_vwv[ 0]=28697 (0x7019) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBclose (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7019 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7019 (pipes_open=1) >[2005/05/12 14:36:57, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:7019 >[2005/05/12 14:36:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) > closed pipe name lsarpc pnum=7019 (pipes_open=0) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,39) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,39) wrote 39 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 96 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x60 >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 10 of length 100 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=11 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=13 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBntcreateX (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) > reply_ntcreateX: flags = 0x0, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2005/05/12 14:36:57, 4] smbd/nttrans.c:nt_open_pipe(512) > nt_open_pipe: Opening pipe \samr. >[2005/05/12 14:36:57, 3] smbd/nttrans.c:nt_open_pipe(529) > nt_open_pipe: Known pipe samr opening. >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=0) >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested samr >[2005/05/12 14:36:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe samr >[2005/05/12 14:36:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe samr >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe samr (pipes_open=0) >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe samr with handle 701a (pipes_open=1) >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name samr pnum=701a >[2005/05/12 14:36:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) > do_ntcreate_pipe_open: open pipe = \samr >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=11 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 6656 (0x1A00) > smb_vwv[ 3]= 368 (0x170) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,107) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,107) wrote 107 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 154 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x9a >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 11 of length 158 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28698 (0x701A) > smb_bcc=87 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2005/05/12 14:36:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:36:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:36:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=701a >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=701a (pipes_open=1) >[2005/05/12 14:36:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 701a) >[2005/05/12 14:36:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b6dd8 max_trans_reply: 4280 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 701a name: samr open: Yes len: 72 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 72 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0b >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0048 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000005 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 11 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) > api_pipe_bind_req: decode request. 879 >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_elements: 00000001 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000c context_id : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000e num_syntaxes: 01 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/05/12 14:36:57, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 data : 12345778 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 data : 1234 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0016 data : abcd >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0018 data : ef 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 001a data : 01 23 45 67 89 ac >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 version: 00000001 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/05/12 14:36:57, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 data : 8a885d04 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0028 data : 1ceb >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002a data : 11c9 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002c data : 9f e8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002e data : 08 00 2b 10 48 60 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 version: 00000002 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) > api_pipe_bind_req: make response. 1020 >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe.c:check_bind_req(764) > check_bind_req for \PIPE\samr >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\samr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 000053f0 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 len: 000c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000a str: \PIPE\lsass. >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0018 num_results: 01 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001c result : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001e reason : 0000 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/05/12 14:36:57, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 data : 8a885d04 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 data : 1ceb >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 data : 11c9 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0028 data : 9f e8 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002a data : 08 00 2b 10 48 60 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 version: 00000002 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0044 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000005 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 56 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 701a name: samr len: 4280 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/05/12 14:36:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,128) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,128) wrote 128 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 142 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x8e >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 12 of length 146 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=142 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28698 (0x701A) > smb_bcc=75 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 3C 00 00 00 06 00 00 00 2C .......< ......., > [020] 00 00 00 00 00 39 00 01 00 00 00 07 00 00 00 00 .....9.. ........ > [030] 00 00 00 07 00 00 00 6D 00 65 00 72 00 6C 00 69 .......m .e.r.l.i > [040] 00 6E 00 00 00 00 00 00 00 00 02 .n...... ... >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=60 params=0 setup=2 >[2005/05/12 14:36:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:36:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:36:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=701a >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=701a (pipes_open=1) >[2005/05/12 14:36:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 701a) >[2005/05/12 14:36:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b6dd8 max_trans_reply: 4280 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 701a name: samr open: Yes len: 60 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 003c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000006 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 44, incoming data = 44 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000002c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0039 >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 20 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x39 - api_rpcTNP: rpc command: SAMR_CONNECT >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[1].fn == 0x8155141 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_connect >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr_srv_name: 00000001 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 uni_max_len: 00000007 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 offset : 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c uni_str_len: 00000007 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0010 buffer : m.e.r.l.i.n... >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 access_mask: 02000000 >[2005/05/12 14:36:57, 5] rpc_server/srv_samr_nt.c:_samr_connect(2154) > _samr_connect: 2154 >[2005/05/12 14:36:57, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/05/12 14:36:57, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:36:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 >[2005/05/12 14:36:57, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_connect: access GRANTED (requested: 0x02000000, granted: 0x000f003f) >[2005/05/12 14:36:57, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid (NULL) >[2005/05/12 14:36:57, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(246) > get_samr_info_by_sid: created new info for NULL sid. >[2005/05/12 14:36:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 69 BE 83 42 ........ ....i..B > [010] 70 26 00 00 p&.. >[2005/05/12 14:36:57, 5] rpc_server/srv_samr_nt.c:_samr_connect(2186) > _samr_connect: 2186 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_connect >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd connect_pol >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000002 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 69 be 83 42 70 26 00 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 970 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 44 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 701a name: samr len: 4280 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000006 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:36:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 69 BE 83 42 70 26 00 00 00 00 00 .....i.. Bp&..... > [030] 00 . >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 158 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x9e >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 13 of length 162 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=158 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28698 (0x701A) > smb_bcc=91 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 3C .......L .......< > [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ > [030] 00 00 00 69 BE 83 42 70 26 00 00 00 00 00 02 04 ...i..Bp &....... > [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 8F ........ ........ > [050] 99 4A 2B C5 38 1A F6 3D 1C A1 45 .J+.8..= ..E >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2005/05/12 14:36:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:36:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:36:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=701a >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=701a (pipes_open=1) >[2005/05/12 14:36:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 701a) >[2005/05/12 14:36:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b6dd8 max_trans_reply: 4280 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 701a name: samr open: Yes len: 76 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 76 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 004c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000007 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000003c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[39].fn == 0x8153716 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000002 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 69 be 83 42 70 26 00 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 flags: 02000000 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_auths: 00000004 >[2005/05/12 14:36:57, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001c sid_rev_num: 01 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001d num_auths : 04 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001e id_auth[0] : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001f id_auth[1] : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0020 id_auth[2] : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0021 id_auth[3] : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0022 id_auth[4] : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0023 id_auth[5] : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:36:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 69 BE 83 42 ........ ....i..B > [010] 70 26 00 00 p&.. >[2005/05/12 14:36:57, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_domain: access check ((granted: 0x000f003f; required: 0x00000020) >[2005/05/12 14:36:57, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd047a] >[2005/05/12 14:36:57, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/05/12 14:36:57, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:36:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 >[2005/05/12 14:36:57, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_domain: access GRANTED (requested: 0x02000000, granted: 0x000f07ff) >[2005/05/12 14:36:57, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:36:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 69 BE 83 42 ........ ....i..B > [010] 70 26 00 00 p&.. >[2005/05/12 14:36:57, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000003 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 69 be 83 42 70 26 00 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 60 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 701a name: samr len: 4280 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000007 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:36:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ > [020] 00 00 00 00 00 69 BE 83 42 70 26 00 00 00 00 00 .....i.. Bp&..... > [030] 00 . >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 170 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xaa >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 14 of length 174 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=170 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28698 (0x701A) > smb_bcc=103 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 58 00 00 00 08 00 00 00 48 .......X .......H > [020] 00 00 00 00 00 0E 00 00 00 00 00 03 00 00 00 00 ........ ........ > [030] 00 00 00 69 BE 83 42 70 26 00 00 12 00 12 00 01 ...i..Bp &....... > [040] 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 49 ........ .......I > [050] 00 68 00 61 00 74 00 65 00 54 00 68 00 69 00 73 .h.a.t.e .T.h.i.s > [060] 00 00 00 00 00 00 02 ....... >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=88 params=0 setup=2 >[2005/05/12 14:36:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:36:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:36:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=701a >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=701a (pipes_open=1) >[2005/05/12 14:36:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 701a) >[2005/05/12 14:36:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b6dd8 max_trans_reply: 4280 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 701a name: samr open: Yes len: 88 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 88 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 72 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0058 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000008 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 72 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 72, incoming data = 72 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000048 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 000e >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0xe - api_rpcTNP: rpc command: SAMR_CREATE_DOM_ALIAS >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[18].fn == 0x8156b48 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_create_dom_alias >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd dom_pol >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000003 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 69 be 83 42 70 26 00 00 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unihdr hdr_acct_desc >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 uni_str_len: 0012 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0016 uni_max_len: 0012 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 buffer : 00000001 >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 uni_acct_desc >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_max_len: 00000009 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 offset : 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 uni_str_len: 00000009 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0028 buffer : I.h.a.t.e.T.h.i.s. >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 003c access_mask: 02000000 >[2005/05/12 14:36:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 69 BE 83 42 ........ ....i..B > [010] 70 26 00 00 p&.. >[2005/05/12 14:36:57, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_create_alias: access check ((granted: 0x000f07ff; required: 0x00000040) >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 10] passdb/util_sam_sid.c:map_name_to_wellknown_sid(289) > map_name_to_wellknown_sid: looking up IhateThis >[2005/05/12 14:36:57, 4] lib/username.c:map_username(132) > Scanning username map /etc/samba/smbusers >[2005/05/12 14:36:57, 10] lib/username.c:user_in_list(529) > user_in_list: checking user IhateThis in list >[2005/05/12 14:36:57, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |IhateThis| against |administrator| >[2005/05/12 14:36:57, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |IhateThis| against |admin| >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/05/12 14:36:57, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=IhateThis)(objectclass=sambaSamAccount))], scope => [2] >[2005/05/12 14:36:57, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1335) > ldapsam_getsampwnam: Unable to locate user [IhateThis] count=0 >[2005/05/12 14:36:57, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=IhateThis)(cn=IhateThis)))], scope => [2] >[2005/05/12 14:36:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2107) > ldapsam_getgroup: Did not find group >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:36:57, 10] passdb/lookup_sid.c:lookup_name(59) > lookup_name: winbind lookup for [MIDEARTH]\[IhateThis] failed >[2005/05/12 14:36:57, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=15010))], scope => [2] >[2005/05/12 14:36:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2107) > ldapsam_getgroup: Did not find group >[2005/05/12 14:36:57, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=15010))], scope => [2] >[2005/05/12 14:36:57, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Idmap,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaIdmapEntry)(gidNumber=15010))], scope => [2] >[2005/05/12 14:36:57, 0] groupdb/mapping.c:pdb_default_create_alias(1234) > Could not add group mapping entry for alias IhateThis >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_create_dom_alias >[2005/05/12 14:36:57, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd alias_pol >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 rid: 00000000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0018 status: NT_STATUS_ACCESS_DENIED >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:36:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 18 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 72 >[2005/05/12 14:36:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 701a name: samr len: 4280 >[2005/05/12 14:36:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 28. >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0034 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000008 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 0000001c >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:36:57, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:36:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..52] >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=108 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 52 (0x34) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=53 >[2005/05/12 14:36:57, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 34 00 00 00 08 00 00 ........ .4...... > [010] 00 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 22 00 00 C0 ."... >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,112) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,112) wrote 112 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 41 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x29 >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 15 of length 45 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=16 > smt_wct=3 > smb_vwv[ 0]=28698 (0x701A) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBclose (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=701a >[2005/05/12 14:36:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=701a (pipes_open=1) >[2005/05/12 14:36:57, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:701a >[2005/05/12 14:36:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 69 BE 83 42 ........ ....i..B > [010] 70 26 00 00 p&.. >[2005/05/12 14:36:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:36:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 69 BE 83 42 ........ ....i..B > [010] 70 26 00 00 p&.. >[2005/05/12 14:36:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:36:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe samr >[2005/05/12 14:36:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) > closed pipe name samr pnum=701a (pipes_open=0) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=16 > smt_wct=0 > smb_bcc=0 >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,39) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,39) wrote 39 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 35 >[2005/05/12 14:36:57, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x23 >[2005/05/12 14:36:57, 3] smbd/process.c:process_smb(1102) > Transaction 16 of length 39 >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=17 > smt_wct=0 > smb_bcc=0 >[2005/05/12 14:36:57, 3] smbd/process.c:switch_message(893) > switch message SMBtdis (pid 9840) conn 0x83b4e7c >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/05/12 14:36:57, 3] smbd/service.c:close_cnum(830) > merlin (192.168.1.4) closed connection to service IPC$ >[2005/05/12 14:36:57, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2005/05/12 14:36:57, 4] smbd/vfs.c:vfs_ChDir(662) > vfs_ChDir to / >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(454) >[2005/05/12 14:36:57, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=9839 > smb_uid=100 > smb_mid=17 > smt_wct=0 > smb_bcc=0 >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(458) > write_socket(29,39) >[2005/05/12 14:36:57, 6] lib/util_sock.c:write_socket(461) > write_socket(29,39) wrote 39 >[2005/05/12 14:36:57, 10] lib/util_sock.c:read_socket_data(387) > read_socket_data: recv of 4 returned 0. Error = Success >[2005/05/12 14:36:57, 10] lib/util_sock.c:receive_smb_raw(565) > receive_smb_raw: length < 0! >[2005/05/12 14:36:57, 3] smbd/process.c:timeout_processing(1344) > timeout_processing: End of file from client (client has disconnected). >[2005/05/12 14:36:57, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2005/05/12 14:36:57, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2005/05/12 14:36:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:36:57, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:36:57, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/05/12 14:36:57, 2] smbd/server.c:exit_server(609) > Closing connections >[2005/05/12 14:36:57, 5] auth/auth_util.c:free_server_info(1401) > attempting to free (and zero) a server_info structure >[2005/05/12 14:36:57, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2005/05/12 14:36:57, 5] smbd/oplock.c:receive_local_message(110) > receive_local_message: doing select with timeout of 1 ms >[2005/05/12 14:36:57, 3] smbd/server.c:exit_server(652) > Server exit (normal exit)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1224">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2704
:
1223
| 1224