[2005/05/12 14:30:47, 6] param/loadparm.c:lp_file_list_changed(2758)
  lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu May 12 14:02:39 2005
[2005/05/12 14:30:47, 4] lib/username.c:map_username(132)
  Scanning username map /etc/samba/smbusers
[2005/05/12 14:30:47, 10] lib/username.c:user_in_list(529)
  user_in_list: checking user jht in list
[2005/05/12 14:30:47, 10] lib/username.c:user_in_list(533)
  user_in_list: checking user |jht| against |administrator|
[2005/05/12 14:30:47, 10] lib/username.c:user_in_list(533)
  user_in_list: checking user |jht| against |admin|
[2005/05/12 14:30:47, 5] auth/auth_util.c:make_user_info_map(219)
  make_user_info_map: Mapping user [MIDEARTH]\[jht] from workstation [MAGGOT]
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480)
  NT user token: (NULL)
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2005/05/12 14:30:47, 5] auth/auth_util.c:is_trusted_domain(1555)
  is_trusted_domain: Checking for domain trust with [MIDEARTH]
[2005/05/12 14:30:47, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(325)
  secrets_fetch failed!
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 10] lib/gencache.c:gencache_get(285)
  Cache entry with key = TDOM/MIDEARTH couldn't be found
[2005/05/12 14:30:47, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
  no entry for trusted domain MIDEARTH found.
[2005/05/12 14:30:47, 5] auth/auth_util.c:make_user_info(127)
  attempting to make a user_info for jht (jht)
[2005/05/12 14:30:47, 5] auth/auth_util.c:make_user_info(137)
  making strings for jht's user_info struct
[2005/05/12 14:30:47, 5] auth/auth_util.c:make_user_info(179)
  making blobs for jht's user_info struct
[2005/05/12 14:30:47, 10] auth/auth_util.c:make_user_info(195)
  made an encrypted user_info for jht (jht)
[2005/05/12 14:30:47, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: Checking password for unmapped user [MIDEARTH]\[jht]@[MAGGOT] with the new password interface
[2005/05/12 14:30:47, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password: mapped user is: [MIDEARTH]\[jht]@[MAGGOT]
[2005/05/12 14:30:47, 10] auth/auth.c:check_ntlm_password(231)
  check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
[2005/05/12 14:30:47, 10] auth/auth.c:check_ntlm_password(233)
  challenge is:
[2005/05/12 14:30:47, 5] lib/util.c:dump_data(2013)
  [000] 14 73 C1 DD FA 74 3B 83 .s...t;.
[2005/05/12 14:30:47, 10] auth/auth.c:check_ntlm_password(259)
  check_ntlm_password: guest had nothing to say
[2005/05/12 14:30:47, 8] lib/util.c:is_myname(1834)
  is_myname("MIDEARTH") returns 0
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480)
  NT user token: (NULL)
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042)
  smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=jht)(objectclass=sambaSamAccount))], scope => [2]
[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_close(951)
  The connection to the LDAP server was closed
[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_open_connection(596)
  smbldap_open_connection: ldap://merlin.terpstra-world.org
[2005/05/12 14:30:47, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_connect_system(824)
  ldap_connect_system: Binding to ldap server ldap://merlin.terpstra-world.org as "cn=Manager,dc=terpstra-world,dc=org"
[2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_connect_system(867)
  ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results
[2005/05/12 14:30:47, 4] lib/smbldap.c:smbldap_open(931)
  The LDAP server is succesfully connected
[2005/05/12 14:30:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: jht
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_username(617)
  pdb_set_username: setting username jht, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_domain(644)
  pdb_set_domain: setting domain MIDEARTH, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671)
  pdb_set_nt_username: setting nt username jht, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557)
  pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3000
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544)
  pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3000
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592)
  pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-513
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580)
  pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513
[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358)
  smbldap_get_single_attribute: [sambaLogonTime] = []
[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358)
  smbldap_get_single_attribute: [sambaLogoffTime] = []
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_fullname(698)
  pdb_set_full_name: setting full name John H Terpstra, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779)
  pdb_set_dir_drive: setting dir drive H:, was NULL
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_homedir(806)
  pdb_set_homedir: setting home dir \\merlin\jht, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725)
  pdb_set_logon_script: setting logon script scripts\logon.cmd, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752)
  pdb_set_profile_path: setting profile path \\merlin\profiles\jht, was
[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358)
  smbldap_get_single_attribute: [sambaUserWorkstations] = []
[2005/05/12 14:30:47, 10] lib/account_pol.c:account_policy_get(202)
  account_policy_get: password history:0
[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358)
  smbldap_get_single_attribute: [sambaBadPasswordCount] = []
[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358)
  smbldap_get_single_attribute: [sambaBadPasswordTime] = []
[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358)
  smbldap_get_single_attribute: [sambaLogonHours] = []
[2005/05/12 14:30:47, 5] passdb/login_cache.c:login_cache_init(41)
  Opening cache file at /var/lib/samba/login_cache.tdb
[2005/05/12 14:30:47, 7] passdb/login_cache.c:login_cache_read(83)
  Looking up login cache for user jht
[2005/05/12 14:30:47, 7] passdb/login_cache.c:login_cache_read(97)
  No cache entry found
[2005/05/12 14:30:47, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852)
  No cache entry, bad count = 0, bad time = 0
[2005/05/12 14:30:47, 10] lib/account_pol.c:account_policy_get(202)
  account_policy_get: password history:0
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_username(617)
  pdb_set_username: setting username jht, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_domain(644)
  pdb_set_domain: setting domain MIDEARTH, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671)
  pdb_set_nt_username: setting nt username jht, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_fullname(698)
  pdb_set_full_name: setting full name John H Terpstra, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_homedir(806)
  pdb_set_homedir: setting home dir \\merlin\jht, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779)
  pdb_set_dir_drive: setting dir drive H:, was NULL
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725)
  pdb_set_logon_script: setting logon script scripts\logon.cmd, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752)
  pdb_set_profile_path: setting profile path \\merlin\profiles\jht, was
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_workstations(885)
  pdb_set_workstations: setting workstations , was
[2005/05/12 14:30:47, 10] lib/account_pol.c:account_policy_get(202)
  account_policy_get: password history:0
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544)
  pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3000
[2005/05/12 14:30:47, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
  pdb_set_user_sid_from_rid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3000 from rid 3000
[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580)
  pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513
[2005/05/12 14:30:47, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
  pdb_set_group_sid_from_rid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 from rid 513
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 9] passdb/passdb.c:pdb_update_autolock_flag(2350)
  pdb_update_autolock_flag: Account jht not autolocked, no check needed
[2005/05/12 14:30:47, 4] libsmb/ntlm_check.c:ntlm_password_check(326)
  ntlm_password_check: Checking NT MD4 password
[2005/05/12 14:30:47, 4] auth/auth_sam.c:sam_account_ok(120)
  sam_account_ok: Checking SMB password for user jht
[2005/05/12 14:30:47, 5] auth/auth_sam.c:logon_hours_ok(102)
  logon_hours_ok: user jht allowed to logon at this time (Thu May 12 14:30:47 2005 )
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480)
  NT user token: (NULL)
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2005/05/12 14:30:47, 10] lib/system_smbd.c:sys_getgrouplist(116)
  sys_getgrouplist: user [jht]
[2005/05/12 14:30:47, 10] lib/system_smbd.c:sys_getgrouplist(125)
  sys_getgrouplist(): disabled winbindd for group lookup [user == jht]
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480)
  NT user token: (NULL)
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2005/05/12 14:30:47, 8] lib/util_getent.c:remove_duplicate_gids(330)
  remove_duplicate_gids: Enter 3 gids
[2005/05/12 14:30:47, 8] lib/util_getent.c:remove_duplicate_gids(348)
  remove_duplicate_gids: Exit 2 gids
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480)
  NT user token: (NULL)
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042)
  smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2]
[2005/05/12 14:30:47, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001)
  init_group_from_ldap: Entry found for group: 513
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 10] passdb/passdb.c:local_gid_to_sid(1278)
  local_gid_to_sid: gid (513) -> SID S-1-5-21-726309263-4128913605-1168186429-513.
[2005/05/12 14:30:47, 10] passdb/lookup_sid.c:gid_to_sid(372)
  gid_to_sid: local 513 -> S-1-5-21-726309263-4128913605-1168186429-513
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480)
  NT user token: (NULL)
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042)
  smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1000))], scope => [2]
[2005/05/12 14:30:47, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001)
  init_group_from_ldap: Entry found for group: 1000
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 10] passdb/passdb.c:local_gid_to_sid(1278)
  local_gid_to_sid: gid (1000) -> SID S-1-5-21-726309263-4128913605-1168186429-3001.
[2005/05/12 14:30:47, 10] passdb/lookup_sid.c:gid_to_sid(372)
  gid_to_sid: local 1000 -> S-1-5-21-726309263-4128913605-1168186429-3001
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 5] lib/privileges.c:get_privileges_for_sids(446)
  get_privileges_for_sids: sid = S-1-5-21-726309263-4128913605-1168186429-3000 Privilege set: SE_PRIV 0xf0 0x0 0x0 0x0
[2005/05/12 14:30:47, 3] lib/privileges.c:get_privileges(254)
  get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-513]
[2005/05/12 14:30:47, 5] lib/privileges.c:get_privileges_for_sids(446)
  get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0
[2005/05/12 14:30:47, 3] lib/privileges.c:get_privileges(254)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2005/05/12 14:30:47, 3] lib/privileges.c:get_privileges(254)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/05/12 14:30:47, 3] lib/privileges.c:get_privileges(254)
  get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-3001]
[2005/05/12 14:30:47, 10] auth/auth_util.c:debug_nt_user_token(485)
  NT user token of user S-1-5-21-726309263-4128913605-1168186429-3000 contains 6 SIDs SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-3000 SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-3001 SE_PRIV 0xf0 0x0 0x0 0x0
[2005/05/12 14:30:47, 5] auth/auth_util.c:make_server_info_sam(857)
  make_server_info_sam: made server info for user jht -> jht
[2005/05/12 14:30:47, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [jht] succeeded
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480)
  NT user token: (NULL)
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 5] auth/auth.c:check_ntlm_password(292)
  check_ntlm_password: PAM Account for user [jht] succeeded
[2005/05/12 14:30:47, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [jht] -> [jht] -> [jht] succeeded
[2005/05/12 14:30:47, 5] auth/auth_util.c:free_user_info(1375)
  attempting to free (and zero) a user_info structure
[2005/05/12 14:30:47, 10] auth/auth_util.c:free_user_info(1378)
  structure was created for jht
[2005/05/12 14:30:47, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(117)
  Got NT session key of length 16
[2005/05/12 14:30:47, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(123)
  Got LM session key of length 16
[2005/05/12 14:30:47, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(669)
  ntlmssp_server_auth: Created NTLM2 session key.
[2005/05/12 14:30:47, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/05/12 14:30:47, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/05/12 14:30:47, 10] smbd/password.c:register_vuid(158)
  register_vuid: allocated vuid = 100
[2005/05/12 14:30:47, 10] lib/util_pw.c:getpwnam_alloc(98)
  Got jht from pwnam_cache
[2005/05/12 14:30:47, 10] smbd/password.c:register_vuid(220)
  register_vuid: (1000,513) jht jht MIDEARTH guest=0
[2005/05/12 14:30:47, 3] smbd/password.c:register_vuid(222)
  User name: jht Real name: John H Terpstra
[2005/05/12 14:30:47, 3] smbd/password.c:register_vuid(241)
  UNIX uid 1000 is UNIX user jht, and will be vuid 100
[2005/05/12 14:30:47, 7] param/loadparm.c:lp_servicenumber(4113)
  lp_servicenumber: couldn't find jht
[2005/05/12 14:30:47, 3] smbd/password.c:register_vuid(270)
  Adding homes service for user 'jht' using home directory: '/data/users/jht'
[2005/05/12 14:30:47, 8] param/loadparm.c:add_a_service(2370)
  add_a_service: Creating snum = 13 for jht
[2005/05/12 14:30:47, 3] param/loadparm.c:lp_add_home(2411)
  adding home's share [jht] for user 'jht' at '/data/users/%U/Documents'
[2005/05/12 14:30:47, 6] param/loadparm.c:lp_file_list_changed(2758)
  lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu May 12 14:02:39 2005
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458)
  write_socket(29,170)
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461)
  write_socket(29,170) wrote 170
[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514)
  got smb length of 78
[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101)
  got message type 0x0 of len 0x4e
[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102)
  Transaction 3 of length 82
[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454)
[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464)
  size=78 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=13632 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 78 (0x4E) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=35
[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013)
  [000] 00 5C 00 5C 00 4D 00 45 00 52 00 4C 00 49 00 4E .\.\.M.E .R.L.I.N
  [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...???
  [020] 3F 3F 00 ??.
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893)
  switch message SMBtconX (pid 9712) conn 0x0
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480)
  NT user token: (NULL)
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2005/05/12 14:30:47, 5] smbd/uid.c:change_to_root_user(319)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/05/12 14:30:47, 4] smbd/reply.c:reply_tcon_and_X(610)
  Client requested device type [?????] for share [IPC$]
[2005/05/12 14:30:47, 5] smbd/service.c:make_connection(806)
  making a connection to 'normal' service ipc$
[2005/05/12 14:30:47, 5] lib/username.c:Get_Pwnam(293)
  Finding user jht
[2005/05/12 14:30:47, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is jht
[2005/05/12 14:30:47, 10] lib/util_pw.c:getpwnam_alloc(98)
  Got jht from pwnam_cache
[2005/05/12 14:30:47, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals did find user [jht]!
[2005/05/12 14:30:47, 3] smbd/service.c:make_connection_snum(476)
  Connect path is '/tmp' for service [IPC$]
[2005/05/12 14:30:47, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217)
  get_share_security: using default secdesc for IPC$
[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_map_generic(176)
  se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233)
  se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000.
[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250)
[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2
[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308)
  se_access_check: access (2) granted.
[2005/05/12 14:30:47, 3] smbd/vfs.c:vfs_init_default(206)
  Initialising default vfs hooks
[2005/05/12 14:30:47, 5] smbd/connection.c:claim_connection(170)
  claiming IPC$ 0
[2005/05/12 14:30:47, 10] smbd/uid.c:is_share_read_only_for_user(122)
  is_share_read_only_for_user: share IPC$ is read-only for unix user jht
[2005/05/12 14:30:47, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217)
  get_share_security: using default secdesc for IPC$
[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_map_generic(176)
  se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233)
  se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000.
[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250)
[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1
[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308)
  se_access_check: access (1) granted.
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (1000, 513) - sec_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token of user S-1-5-21-726309263-4128913605-1168186429-3000 contains 6 SIDs SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-3000 SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-3001 SE_PRIV 0xf0 0x0 0x0 0x0
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 1000 Primary group is 513 and contains 2 supplementary groups Group[ 0]: 513 Group[ 1]: 1000
[2005/05/12 14:30:47, 5] smbd/uid.c:change_to_user(304)
  change_to_user uid=(1000,1000) gid=(0,513)
[2005/05/12 14:30:47, 3] smbd/service.c:make_connection_snum(640)
  maggot (192.168.1.243) connect to service IPC$ initially as user jht (uid=1000, gid=513) (pid 9712)
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480)
  NT user token: (NULL)
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2005/05/12 14:30:47, 5] smbd/uid.c:change_to_root_user(319)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/05/12 14:30:47, 3] smbd/reply.c:reply_tcon_and_X(658)
  tconX service=IPC$
[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454)
[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464)
  size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=13632 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7
[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013)
  [000] 49 50 43 00 00 00 00 IPC....
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458)
  write_socket(29,52)
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461)
  write_socket(29,52) wrote 52
[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514)
  got smb length of 100
[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101)
  got message type 0x0 of len 0x64
[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102)
  Transaction 4 of length 104
[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454)
[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464)
  size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=13696 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17
[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013)
  [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c..
  [010] 00 .
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893)
  switch message SMBntcreateX (pid 9712) conn 0x83b6eac
[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (1000, 513) - sec_ctx_stack_ndx = 0
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token of user S-1-5-21-726309263-4128913605-1168186429-3000 contains 6 SIDs SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-3000 SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-3001 SE_PRIV 0xf0 0x0 0x0 0x0
[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501)
  UNIX token of user 1000 Primary group is 513 and contains 2 supplementary groups Group[ 0]: 513 Group[ 1]: 1000
[2005/05/12 14:30:47, 5] smbd/uid.c:change_to_user(304)
  change_to_user uid=(1000,1000) gid=(0,513)
[2005/05/12 14:30:47, 4] smbd/vfs.c:vfs_ChDir(662)
  vfs_ChDir to /tmp
[2005/05/12 14:30:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(621)
  reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0
[2005/05/12 14:30:47, 4] smbd/nttrans.c:nt_open_pipe(512)
  nt_open_pipe: Opening pipe \srvsvc.
[2005/05/12 14:30:47, 3] smbd/nttrans.c:nt_open_pipe(529)
  nt_open_pipe: Known pipe srvsvc opening.
[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178)
  Open pipe requested srvsvc (pipes_open=0)
[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278)
  Create pipe requested srvsvc
[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
  init_pipe_handles: created handle list for pipe srvsvc
[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
  init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc
[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370)
  Created internal pipe srvsvc (pipes_open=0)
[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257)
  Opened pipe srvsvc with handle 7107 (pipes_open=1)
[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263)
  open pipes: name srvsvc pnum=7107
[2005/05/12 14:30:47, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577)
  do_ntcreate_pipe_open: open pipe = \srvsvc
[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454)
[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464)
  size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=13696 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1792 (0x700) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458)
  write_socket(29,107)
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461)
  write_socket(29,107) wrote 107
[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514)
  got smb length of 136
[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101)
  got message type 0x0 of len 0x88
[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102)
  Transaction 5 of length 140
[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454)
[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464)
  size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=13760 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28935 (0x7107) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73
[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013)
  [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H......
  [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........
  [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n.
  [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........
  [040] 00 2B 10 48 60 02 00 00 00 .+.H`... .
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893)
  switch message SMBwriteX (pid 9712) conn 0x83b6eac
[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217)
  change_to_user: Skipping user change - already user
[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
  search for pipe pnum=7107
[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173)
  pipe name srvsvc pnum=7107 (pipes_open=1)
[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853)
  write_to_pipe: 7107 name: srvsvc open: Yes len: 72
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875)
  write_to_pipe: data_left = 72
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778)
  process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399)
  fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879)
  write_to_pipe: data_used = 16
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875)
  write_to_pipe: data_left = 56
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778)
  process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 smb_io_rpc_hdr
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580)
  0000 major : 05
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580)
  0001 minor : 00
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580)
  0002 pkt_type : 0b
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580)
  0003 flags : 03
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580)
  0004 pack_type0: 10
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580)
  0005 pack_type1: 00
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580)
  0006 pack_type2: 00
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580)
  0007 pack_type3: 00
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  0008 frag_len : 0048
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  000a auth_len : 0000
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  000c call_id : 00000001
[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486)
  unmarshall_rpc_header: using little-endian RPC
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515)
  unmarshall_rpc_header: type = 11, flags = 3
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879)
  write_to_pipe: data_used = 0
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875)
  write_to_pipe: data_left = 56
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778)
  process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721)
  process_complete_pdu: processing packet type 11
[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879)
  api_pipe_bind_req: decode request. 879
[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890)
  api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 smb_io_rpc_hdr_rb
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82)
  000000 smb_io_rpc_hdr_bba
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  0000 max_tsize: 10b8
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  0002 max_rsize: 10b8
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  0004 assoc_gid: 00000000
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  0008 num_elements: 00000001
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  000c context_id : 0000
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580)
  000e num_syntaxes: 01
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82)
  00000f smb_io_rpc_iface
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82)
  000010 smb_io_uuid uuid
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  0010 data : 4b324fc8
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  0014 data : 1670
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  0016 data : 01d3
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
  0018 data : 12 78
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
  001a data : 5a 47 bf 6e e1 88
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  0020 version: 00000003
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82)
  000024 smb_io_rpc_iface
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82)
  000024 smb_io_uuid uuid
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  0024 data : 8a885d04
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  0028 data : 1ceb
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  002a data : 11c9
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
  002c data : 9f e8
[2005/05/12
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002e data : 08 00 2b 10 48 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 version: 00000002 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) api_pipe_bind_req: make response. 1020 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:check_bind_req(764) check_bind_req for \PIPE\srvsvc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\samr [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\NETLOGON [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\srvsvc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 000053f0 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_addr_str [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 len: 000d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000a str: \PIPE\ntsvcs. 
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000017 smb_io_rpc_results [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_results: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c result : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001e reason : 0000 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 8a885d04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 data : 1ceb [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : 11c9 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : 9f e8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 08 00 2b 10 48 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 56 [2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7107 nwritten=72 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=13760 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,51) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,51) wrote 51 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 59 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x3b [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 6 of length 63 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=13824 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28935 (0x7107) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBreadX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7107 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name srvsvc pnum=7107 
(pipes_open=1) [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7107 name: srvsvc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7107 min=1024 max=1024 nread=68 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=13824 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,131) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,131) wrote 131 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 148 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x94 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 7 of length 152 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=13888 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28935 (0x7107) smb_bcc=81 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 40 00 00 00 01 00 00 ........ .@...... [020] 00 28 00 00 00 00 00 15 00 64 E7 12 00 09 00 00 .(...... .d...... [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E [040] 00 52 00 4C 00 49 00 4E 00 00 00 C9 11 65 00 00 .R.L.I.N .....e.. [050] 00 . 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=64 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7107 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name srvsvc pnum=7107 (pipes_open=1) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "srvsvc" (pnum 7107) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7107 name: srvsvc open: Yes len: 64 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 48 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 48 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0040 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 48 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 48, incoming data = 48 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000028 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0015 
[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 22 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\srvsvc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[11].fn == 0x8130bfc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 srv_io_q_net_srv_get_info [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr_srv_name : 0012e764 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.M.E.R.L.I.N... 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 switch_value : 00000065 [2005/05/12 14:30:47, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1212) srv_net_srv_get_info: 1212 [2005/05/12 14:30:47, 5] rpc_parse/parse_srv.c:init_srv_info_101(2809) init_srv_info_101 [2005/05/12 14:30:47, 5] rpc_parse/parse_srv.c:init_srv_r_net_srv_get_info(3044) init_srv_r_net_srv_get_info [2005/05/12 14:30:47, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1257) srv_net_srv_get_info: 1257 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 srv_io_r_net_srv_get_info [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 srv_io_info_ctr ctr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 switch_value: 00000065 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr_srv_ctr : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000008 srv_io_info_101 sv101 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 platform_id : 000001f4 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c ptr_name : 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 ver_major : 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 ver_minor : 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 srv_type : 00009a2b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c ptr_comment : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_unistr2 uni_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 uni_max_len: 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 uni_str_len: 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 002c buffer : M.E.R.L.I.N... 
[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00003a smb_io_unistr2 uni_comment [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c uni_max_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 uni_str_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0048 buffer : M.a.i.n. .S.e.r.v.e.r... [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) 0060 status: WERR_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called srvsvc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 164 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 48 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7107 name: srvsvc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 100. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 007c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000064 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..124] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=13888 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 124 (0x7C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=125 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 7C 00 00 00 01 00 00 ........ .|...... [010] 00 64 00 00 00 00 00 00 00 65 00 00 00 01 00 00 .d...... .e...... [020] 00 F4 01 00 00 01 00 00 00 04 00 00 00 09 00 00 ........ ........ [030] 00 2B 9A 00 00 01 00 00 00 07 00 00 00 00 00 00 .+...... ........ [040] 00 07 00 00 00 4D 00 45 00 52 00 4C 00 49 00 4E .....M.E .R.L.I.N [050] 00 00 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ [060] 00 4D 00 61 00 69 00 6E 00 20 00 53 00 65 00 72 .M.a.i.n . .S.e.r [070] 00 76 00 65 00 72 00 00 00 00 00 00 00 .v.e.r.. ..... [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,184) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,184) wrote 184 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 41 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x29 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 8 of length 45 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=13952 smt_wct=3 smb_vwv[ 0]=28935 (0x7107) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBclose (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7107 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name srvsvc pnum=7107 (pipes_open=1) [2005/05/12 14:30:47, 5] smbd/pipes.c:reply_pipe_close(260) reply_pipe_close: pnum:7107 [2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) 
close_policy_by_pipe: deleted handle list for pipe srvsvc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) closed pipe name srvsvc pnum=7107 (pipes_open=0) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=13952 smt_wct=0 smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,39) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,39) wrote 39 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 100 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x64 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 9 of length 104 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14016 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBntcreateX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2005/05/12 14:30:47, 4] smbd/nttrans.c:nt_open_pipe(512) nt_open_pipe: Opening pipe \winreg. [2005/05/12 14:30:47, 3] smbd/nttrans.c:nt_open_pipe(529) nt_open_pipe: Known pipe winreg opening. [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested winreg (pipes_open=0) [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) Create pipe requested winreg [2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe winreg [2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe winreg [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) Created internal pipe winreg (pipes_open=0) [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) Opened pipe winreg with handle 7108 (pipes_open=1) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name winreg pnum=7108 [2005/05/12 14:30:47, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) do_ntcreate_pipe_open: open pipe = \winreg [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14016 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2048 (0x800) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 
(0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,107) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,107) wrote 107 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 136 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x88 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 10 of length 140 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14080 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28936 (0x7108) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ 
[040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBwriteX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7108 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name winreg pnum=7108 (pipes_open=1) [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7108 name: winreg open: Yes len: 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 11, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 11 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) api_pipe_bind_req: decode request. 
879 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_elements: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c context_id : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000e num_syntaxes: 01 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000f smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 data : 338cd001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 data : 2244 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 data : 31f1 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0018 data : aa aa [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a data : 90 00 38 00 10 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 version: 00000001 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 data : 8a885d04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 data : 1ceb [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a data : 11c9 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002c data : 9f e8 [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002e data : 08 00 2b 10 48 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 version: 00000002 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) api_pipe_bind_req: make response. 1020 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:check_bind_req(764) check_bind_req for \PIPE\winreg [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\samr [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\NETLOGON [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\srvsvc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\wkssvc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\winreg [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 000053f0 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_addr_str [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 len: 000d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000a str: \PIPE\winreg. 
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000017 smb_io_rpc_results [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_results: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c result : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001e reason : 0000 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 8a885d04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 data : 1ceb [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : 11c9 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : 9f e8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 08 00 2b 10 48 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 56 [2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7108 nwritten=72 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14080 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,51) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,51) wrote 51 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 59 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x3b [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 11 of length 63 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14145 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28936 (0x7108) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBreadX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7108 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name winreg pnum=7108 
(pipes_open=1) [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7108 name: winreg len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7108 min=1024 max=1024 nread=68 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14145 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,131) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,131) wrote 131 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 120 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x78 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 12 of length 124 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14209 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28936 (0x7108) smb_bcc=53 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 90 ED 12 00 B0 69 01 ........ ......i. [030] 00 00 00 00 02 ..... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=36 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7108 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name winreg pnum=7108 (pipes_open=1) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7108) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7108 name: winreg open: Yes len: 36 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 20 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0024 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 20 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 20, incoming data = 20 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0002 
[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 22 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\winreg [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[3].fn == 0x8128d51 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_open_hive [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr: 0012ed90 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 server: 69b0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0006 access: 00000001 [2005/05/12 14:30:47, 7] rpc_server/srv_reg_nt.c:open_registry_key(92) open_registry_key: name = [NULL][HKLM] [2005/05/12 14:30:47, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM] [2005/05/12 14:30:47, 10] lib/adt_tree.c:pathtree_find(388) pathtree_find: Enter [/HKLM] [2005/05/12 14:30:47, 10] lib/adt_tree.c:pathtree_find(460) pathtree_find: Exit [2005/05/12 14:30:47, 10] registry/reg_db.c:regdb_fetch_reg_keys(316) regdb_fetch_reg_keys: Enter key => [HKLM] [2005/05/12 14:30:47, 10] registry/reg_db.c:regdb_fetch_reg_keys(343) regdb_fetch_reg_keys: Exit [1] items [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 7] rpc_server/srv_reg_nt.c:open_registry_key(164) open_registry_key: exit [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_open_hive [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) 0014 status: WERR_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called winreg successfully [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:api_rpcTNP(1589) api_rpcTNP: rpc input buffer underflow (parse error?) [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000a : 00 02 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 2 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 20 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7108 name: winreg len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14209 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 252 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xfc [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 13 of length 256 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=252 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14273 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 168 (0xA8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28936 (0x7108) smb_bcc=185 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 A8 00 00 00 02 00 00 ........ ........ [020] 00 90 00 00 00 00 00 0F 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 60 00 60 ........ B.%..`.` [040] 00 C8 E5 CB 71 30 00 00 00 00 00 00 00 30 00 00 ....q0.. .....0.. 
[050] 00 53 00 59 00 53 00 54 00 45 00 4D 00 5C 00 43 .S.Y.S.T .E.M.\.C [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t [080] 00 5C 00 43 00 6F 00 6E 00 74 00 72 00 6F 00 6C .\.C.o.n .t.r.o.l [090] 00 5C 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 .\.P.r.o .d.u.c.t [0A0] 00 4F 00 70 00 74 00 69 00 6F 00 6E 00 73 00 00 .O.p.t.i .o.n.s.. [0B0] 00 00 00 00 00 00 00 00 02 ........ . [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=168 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7108 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name winreg pnum=7108 (pipes_open=1) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7108) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7108 name: winreg open: Yes len: 168 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 168 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 
14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 152 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 00a8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 152 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 152, incoming data = 
152 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000090 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 000f [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\winreg [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[1].fn == 0x8128f9a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_open_entry [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 length: 0060 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 size: 0060 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 ptr: 71cbe5c8 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_unistr2 name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_max_len: 00000030 [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 0020 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 uni_str_len: 00000030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0028 buffer : S.Y.S.T.E.M.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.C.o.n.t.r.o.l.\.P.r.o.d.u.c.t.O.p.t.i.o.n.s... [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0088 unknown_0 : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 008c access: 02000000 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(326) reg_open_entry: Enter [2005/05/12 14:30:47, 7] rpc_server/srv_reg_nt.c:open_registry_key(92) open_registry_key: name = [HKLM][SYSTEM\CurrentControlSet\Control\ProductOptions] [2005/05/12 14:30:47, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] [2005/05/12 14:30:47, 10] lib/adt_tree.c:pathtree_find(388) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] [2005/05/12 14:30:47, 10] lib/adt_tree.c:pathtree_find(460) pathtree_find: Exit [2005/05/12 14:30:47, 10] registry/reg_db.c:regdb_fetch_reg_keys(316) regdb_fetch_reg_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2005/05/12 14:30:47, 10] registry/reg_db.c:regdb_fetch_reg_keys(343) regdb_fetch_reg_keys: Exit [0] items [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 7] rpc_server/srv_reg_nt.c:open_registry_key(164) open_registry_key: exit [2005/05/12 14:30:47, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(337) reg_open_entry: Exit [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_open_entry [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) 0014 status: WERR_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called winreg successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 112 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 152 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7108 name: winreg len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14273 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 212 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xd4 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 14 of length 216 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14337 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28936 (0x7108) smb_bcc=145 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 80 00 00 00 03 00 00 ........ ........ [020] 00 68 00 00 00 00 00 11 00 00 00 00 00 02 00 00 .h...... ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 18 00 18 ........ B.%..... [040] 00 70 51 32 00 0C 00 00 00 00 00 00 00 0C 00 00 .pQ2.... ........ [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T [060] 00 79 00 70 00 65 00 00 00 18 EE 12 00 48 74 14 .y.p.e.. .....Ht. [070] 00 48 74 14 00 04 01 00 00 00 00 00 00 00 00 00 .Ht..... ........ 
[080] 00 10 EE 12 00 04 01 00 00 08 EE 12 00 00 00 00 ........ ........ [090] 00 . [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=128 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7108 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name winreg pnum=7108 (pipes_open=1) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7108) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7108 name: winreg open: Yes len: 128 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 128 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 112 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0080 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 112 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 112, incoming data = 112 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000068 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0011 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\winreg [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[8].fn == 0x812905e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_info [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 length: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 size: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 ptr: 00325170 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_unistr2 name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_max_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 uni_str_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 ptr_reserved: 0012ee18 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 ptr_buf: 00147448 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0048 ptr_bufsize: 00147448 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c bufsize: 00000104 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 buf_unk: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 unk1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0058 ptr_buflen: 0012ee10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 005c buflen: 00000104 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0060 ptr_buflen2: 0012ee08 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 buflen2: 00000000 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_server/srv_reg_nt.c:_reg_info(358) _reg_info: Enter [2005/05/12 14:30:47, 7] rpc_server/srv_reg_nt.c:_reg_info(363) _reg_info: policy key name = [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2005/05/12 14:30:47, 5] rpc_server/srv_reg_nt.c:_reg_info(367) reg_info: looking up value: [ProductType] [2005/05/12 14:30:47, 5] rpc_server/srv_reg_nt.c:_reg_info(447) _reg_info: Exit [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_info [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr: 083b5054 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 type: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 ptr: 083b3804 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000c smb_io_regval_buffer value [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_max_len: 00000012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 buf_len : 00000012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0018 buffer : L.a.n.m.a.n.N.T... 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c ptr: 083b37b4 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 buf_max_len: 00000012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 ptr: 083b5844 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 buf_len: 00000012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) 003c status: WERR_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called winreg successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 86 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 112 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7108 name: winreg len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 64. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0058 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000040 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..88] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14337 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=89 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 58 00 00 00 03 00 00 ........ .X...... [010] 00 40 00 00 00 00 00 00 00 54 50 3B 08 01 00 00 .@...... .TP;.... [020] 00 04 38 3B 08 12 00 00 00 00 00 00 00 12 00 00 ..8;.... ........ [030] 00 4C 00 61 00 6E 00 6D 00 61 00 6E 00 4E 00 54 .L.a.n.m .a.n.N.T [040] 00 00 00 00 00 B4 37 3B 08 12 00 00 00 44 58 3B ......7; .....DX; [050] 08 12 00 00 00 00 00 00 00 ........ . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,148) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,148) wrote 148 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 15 of length 132 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14401 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28936 (0x7108) smb_bcc=61 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7108 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name winreg pnum=7108 (pipes_open=1) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7108) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7108 name: winreg open: Yes len: 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0005
[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\winreg [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x8128c90 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_close [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_close [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) 0014 status: WERR_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called winreg successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7108 name: winreg len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14401 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 16 of length 132 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14465 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28936 (0x7108) smb_bcc=61 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7108 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name winreg pnum=7108 (pipes_open=1) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7108) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7108 name: winreg open: Yes len: 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0005
[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\winreg [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x8128c90 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_close [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_close [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) 0014 status: WERR_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called winreg successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7108 name: winreg len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14465 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 41 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x29 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 17 of length 45 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14529 smt_wct=3 smb_vwv[ 0]=28936 (0x7108) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBclose (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7108 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name winreg pnum=7108 (pipes_open=1) [2005/05/12 14:30:47, 5] smbd/pipes.c:reply_pipe_close(260) reply_pipe_close: pnum:7108 [2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe winreg [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) closed pipe name winreg pnum=7108 (pipes_open=0) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 
smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14529 smt_wct=0 smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,39) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,39) wrote 39 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 96 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x60 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 18 of length 100 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14593 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBntcreateX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2005/05/12 14:30:47, 4] smbd/nttrans.c:nt_open_pipe(512) nt_open_pipe: Opening pipe \samr. [2005/05/12 14:30:47, 3] smbd/nttrans.c:nt_open_pipe(529) nt_open_pipe: Known pipe samr opening. [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested samr (pipes_open=0) [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) Create pipe requested samr [2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe samr [2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) Created internal pipe samr (pipes_open=0) [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) Opened pipe samr with handle 7109 (pipes_open=1) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name samr pnum=7109 [2005/05/12 14:30:47, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) do_ntcreate_pipe_open: open pipe = \samr [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14593 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2304 (0x900) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 
(0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,107) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,107) wrote 107 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 136 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x88 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 19 of length 140 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14657 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28937 (0x7109) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBwriteX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7109 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=7109 (pipes_open=1) [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7109 name: samr open: Yes len: 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 
0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 11, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 11 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) api_pipe_bind_req: decode request. 
879 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_elements: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c context_id : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000e num_syntaxes: 01 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000f smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 data : 12345778 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 data : 1234 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 data : abcd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0018 data : ef 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a data : 01 23 45 67 89 ac [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 version: 00000001 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 data : 8a885d04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 data : 1ceb [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a data : 11c9 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002c data : 9f e8 [2005/05/12 14:30:47, 
5] rpc_parse/parse_prs.c:prs_uint8s(756) 002e data : 08 00 2b 10 48 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 version: 00000002 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) api_pipe_bind_req: make response. 1020 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:check_bind_req(764) check_bind_req for \PIPE\samr [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\samr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 000053f0 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_addr_str [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 len: 000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000a str: \PIPE\lsass. 
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000016 smb_io_rpc_results [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_results: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c result : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001e reason : 0000 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 8a885d04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 data : 1ceb [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : 11c9 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : 9f e8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 08 00 2b 10 48 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 56 [2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7109 nwritten=72 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14657 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,51) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,51) wrote 51 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 59 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x3b [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 20 of length 63 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14721 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28937 (0x7109) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBreadX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7109 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=7109 
(pipes_open=1) [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7109 name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7109 min=1024 max=1024 nread=68 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14721 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,131) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,131) wrote 131 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 164 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xa4 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 21 of length 168 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14785 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28937 (0x7109) smb_bcc=97 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 01 00 00 ........ .P...... [020] 00 38 00 00 00 00 00 40 00 A0 96 14 00 09 00 00 .8.....@ ........ [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E [040] 00 52 00 4C 00 49 00 4E 00 00 00 C9 11 20 00 00 .R.L.I.N ..... .. [050] 00 01 00 00 00 01 00 00 00 03 00 00 00 00 00 00 ........ ........ [060] 00 . 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=80 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7109 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=7109 (pipes_open=1) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 7109) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7109 name: samr open: Yes len: 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0050 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 64, incoming data = 64 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000038 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0040 [2005/05/12 
14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 20 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x40 - unknown [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 23 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0020 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_hdr_fault fault [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0018 status : NT code 0x1c010002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c reserved: 00000000 
[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 64 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7109 name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: samr: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14785 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 01 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . 
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,92) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,92) wrote 92 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 41 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x29 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 22 of length 45 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14849 smt_wct=3 smb_vwv[ 0]=28937 (0x7109) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBclose (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7109 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=7109 (pipes_open=1) [2005/05/12 14:30:47, 5] smbd/pipes.c:reply_pipe_close(260) reply_pipe_close: pnum:7109 [2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) closed pipe name samr pnum=7109 (pipes_open=0) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14849 smt_wct=0 smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,39) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,39) wrote 39 [2005/05/12 14:30:47, 10] 
lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 96 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x60 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 23 of length 100 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14913 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBntcreateX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2005/05/12 14:30:47, 4] smbd/nttrans.c:nt_open_pipe(512) nt_open_pipe: Opening pipe \samr. [2005/05/12 14:30:47, 3] smbd/nttrans.c:nt_open_pipe(529) nt_open_pipe: Known pipe samr opening. 
[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested samr (pipes_open=0) [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) Create pipe requested samr [2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe samr [2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) Created internal pipe samr (pipes_open=0) [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) Opened pipe samr with handle 710a (pipes_open=1) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name samr pnum=710a [2005/05/12 14:30:47, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) do_ntcreate_pipe_open: open pipe = \samr [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=14913 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) 
write_socket(29,107) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,107) wrote 107 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 136 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x88 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 24 of length 140 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14977 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28938 (0x710A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBwriteX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=1) [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 
0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 11, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 11 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) api_pipe_bind_req: decode request. 
879 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_elements: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c context_id : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000e num_syntaxes: 01 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000f smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 data : 12345778 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 data : 1234 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 data : abcd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0018 data : ef 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a data : 01 23 45 67 89 ac [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 version: 00000001 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 data : 8a885d04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 data : 1ceb [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a data : 11c9 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002c data : 9f e8 [2005/05/12 14:30:47, 
5] rpc_parse/parse_prs.c:prs_uint8s(756) 002e data : 08 00 2b 10 48 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 version: 00000002 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) api_pipe_bind_req: make response. 1020 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:check_bind_req(764) check_bind_req for \PIPE\samr [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\samr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 000053f0 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_addr_str [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 len: 000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000a str: \PIPE\lsass. 
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000016 smb_io_rpc_results [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_results: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c result : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001e reason : 0000 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 8a885d04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 data : 1ceb [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : 11c9 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : 9f e8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 08 00 2b 10 48 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 56 [2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=710a nwritten=72 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=14977 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,51) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,51) wrote 51 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 59 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x3b [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 25 of length 63 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=15041 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28938 (0x710A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBreadX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a 
(pipes_open=1) [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=710a min=1024 max=1024 nread=68 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=15041 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,131) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,131) wrote 131 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 152 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x98 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 26 of length 156 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15105 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=85 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [020] 00 2C 00 00 00 00 00 3E 00 A0 96 14 00 09 00 00 .,.....> ........ [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E [040] 00 52 00 4C 00 49 00 4E 00 00 00 C9 11 02 00 00 .R.L.I.N ........ [050] 00 20 00 00 00 . ... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=68 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=1) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 68 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 68 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 52, incoming data = 52 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000002c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 003e [2005/05/12 
14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 20 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[47].fn == 0x81552b4 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_connect4 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr_srv_name: 001496a0 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.M.E.R.L.I.N... [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 unk_0: 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 access_mask: 00000020 [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2205) _samr_connect4: 2205 [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000020, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 20 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (20) granted. [2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_connect4: access GRANTED (requested: 0x00000020, granted: 0x00000020) [2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid (NULL) [2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(246) get_samr_info_by_sid: created new info for NULL sid. [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2237) _samr_connect: 2237 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_connect4 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd connect_pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 974 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 52 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15105 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 100 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x64 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 27 of length 104 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15169 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBntcreateX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2005/05/12 14:30:47, 4] smbd/nttrans.c:nt_open_pipe(512) nt_open_pipe: Opening pipe \lsarpc. [2005/05/12 14:30:47, 3] smbd/nttrans.c:nt_open_pipe(529) nt_open_pipe: Known pipe lsarpc opening. [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested lsarpc (pipes_open=1) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name samr pnum=710a [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) Create pipe requested lsarpc [2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 2 for pipe lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) Created internal pipe lsarpc (pipes_open=1) [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) Opened pipe lsarpc with handle 710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name lsarpc pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name samr pnum=710a [2005/05/12 14:30:47, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) do_ntcreate_pipe_open: open pipe = \lsarpc [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15169 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2816 (0xB00) 
smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,107) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,107) wrote 107 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 136 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x88 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 28 of length 140 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=15233 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28939 (0x710B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. 
[030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBwriteX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 
03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 11, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 11 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) api_pipe_bind_req: decode request. 
879 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_elements: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c context_id : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000e num_syntaxes: 01 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000f smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 data : 12345778 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 data : 1234 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 data : abcd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0018 data : ef 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a data : 01 23 45 67 89 ab [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 version: 00000000 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 data : 8a885d04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 data : 1ceb [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a data : 11c9 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002c data : 9f e8 [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002e data : 08 00 2b 10 48 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 version: 00000002 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) api_pipe_bind_req: make response. 1020 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:check_bind_req(764) check_bind_req for \PIPE\lsarpc [2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 000053f0 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_addr_str [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 len: 000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000a str: \PIPE\lsass. 
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000016 smb_io_rpc_results [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_results: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c result : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001e reason : 0000 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_rpc_iface [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 8a885d04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 data : 1ceb [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : 11c9 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : 9f e8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 08 00 2b 10 48 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 56 [2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=710b nwritten=72 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=15233 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,51) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,51) wrote 51 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 59 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x3b [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 29 of length 63 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=15297 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28939 (0x710B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBreadX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b 
(pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710b name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=710b min=1024 max=1024 nread=68 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=15297 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,131) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,131) wrote 131 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 180 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xb4 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 30 of length 184 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15361 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28939 (0x710B) smb_bcc=113 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 01 00 00 ........ .`...... [020] 00 48 00 00 00 00 00 2C 00 A0 96 14 00 09 00 00 .H....., ........ [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E [040] 00 52 00 4C 00 49 00 4E 00 00 00 C9 11 18 00 00 .R.L.I.N ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 08 F4 12 00 0C 00 00 00 02 00 01 00 01 08 00 ........ ........ [070] 00 . 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=96 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 710b) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ba318 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming 
data = 80 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0060 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000048 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 
0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 002c [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 22 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x8123cd4 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr : 001496a0 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.M.E.R.L.I.N... 
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000022 lsa_io_obj_attr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 len : 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 ptr_root_dir: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c ptr_obj_name: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 attributes : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 ptr_sec_desc: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 ptr_sec_qos : 0012f408 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00003c lsa_io_obj_qos sec_qos [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c len : 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0040 sec_imp_level : 0002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0042 sec_ctxt_mode : 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0043 effective_only: 00 [2005/05/12 14:30:47, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(182) lsa_io_sec_qos: length c does not match size 8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 des_access: 00000801 [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000801, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 801 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (801) granted. [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_open_pol2 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 826 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 80 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710b name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15361 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) 
smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 148 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x94 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 31 of length 152 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15425 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=81 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 40 00 00 00 02 00 00 ........ .@...... [020] 00 28 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .(...... ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 80 03 00 ........ B.%..... [040] 00 01 00 00 00 01 01 00 00 00 00 00 05 20 00 00 ........ ..... .. [050] 00 . 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=64 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 64 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 48 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
48 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0040 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 48 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 48, incoming data = 48 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000028 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[39].fn == 0x8153716 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 flags: 00000380 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_auths: 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001c sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001d num_auths : 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001f id_auth[1] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0020 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0021 id_auth[3] : 00 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0022 id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0023 id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0024 sub_auths : 00000020 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) [2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd047a] [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000380, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 380 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (380) granted. 
[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_domain: access GRANTED (requested: 0x00000380, granted: 0x000d07fa) [2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-32 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[3] [000] 00 00 00 00 05 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000005 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 48 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15425 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 130 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x82 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 32 of length 134 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15489 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28939 (0x710B) smb_bcc=63 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 710b) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ba318 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming 
data = 30 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000016 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 
0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[2].fn == 0x8124081 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 info_class: 0005 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer: 22000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 info_class: 0005 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_dom_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 uni_dom_max_len: 0010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a uni_dom_str_len: 0012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c buffer_dom_name: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 buffer_dom_sid : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unistr2 unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_str_len: 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0020 buffer : M.I.D.E.A.R.T.H. 
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 num_auths: 00000004 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[1] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0038 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0039 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003a id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003b id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 004c status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 18 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 30 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710b name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0068 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000050 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15489 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=105 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 02 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,164) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,164) wrote 164 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 160 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xa0 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 33 of length 164 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15553 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=93 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 03 00 00 ........ .L...... [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 80 03 00 ........ B.%..... 
[040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 004c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000034 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[39].fn == 0x8153716 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 flags: 00000380 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_auths: 00000004 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001c sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001d num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001f id_auth[1] : 00 [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0020 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0021 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0022 id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0023 id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) [2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd047a] [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000380, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 380 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (380) granted. 
[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_domain: access GRANTED (requested: 0x00000380, granted: 0x000d07fa) [2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[4] [000] 00 00 00 00 06 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15553 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 06 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 130 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x82 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 34 of length 134 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15617 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28939 (0x710B) smb_bcc=63 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 710b) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ba318 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming 
data = 30 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000016 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 
0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[2].fn == 0x8124081 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 info_class: 0005 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer: 22000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 info_class: 0005 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_dom_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 uni_dom_max_len: 0010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a uni_dom_str_len: 0012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c buffer_dom_name: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 buffer_dom_sid : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unistr2 unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_str_len: 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0020 buffer : M.I.D.E.A.R.T.H. 
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 num_auths: 00000004 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[1] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0038 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0039 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003a id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003b id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 004c status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 18 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 30 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710b name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0068 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000050 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15617 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=105 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,164) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,164) wrote 164 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 160 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xa0 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 35 of length 164 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15681 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=93 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 04 00 00 ........ .L...... [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 90 03 00 ........ B.%..... 
[040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 004c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000034 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[39].fn == 0x8153716 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 flags: 00000390 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_auths: 00000004 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001c sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001d num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001f id_auth[1] : 00 [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0020 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0021 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0022 id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0023 id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) [2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd047a] [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000380, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 380 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (380) granted. 
[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_domain: access GRANTED (requested: 0x00000380, granted: 0x000d07fa) [2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[5] [000] 00 00 00 00 07 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15681 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 07 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 36 of length 132 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15745 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=61 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 06 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
28 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0001 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x81535a8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 06 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15745 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 130 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x82 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 37 of length 134 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15809 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28939 (0x710B) smb_bcc=63 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 04 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 710b) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ba318 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming 
data = 30 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000016 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 
0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[2].fn == 0x8124081 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 info_class: 0005 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer: 22000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 info_class: 0005 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_dom_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 uni_dom_max_len: 0010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a uni_dom_str_len: 0012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c buffer_dom_name: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 buffer_dom_sid : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unistr2 unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_str_len: 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0020 buffer : M.I.D.E.A.R.T.H. 
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 num_auths: 00000004 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[1] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0038 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0039 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003a id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003b id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 004c status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 18 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 30 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710b name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0068 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000050 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15809 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=105 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 04 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,164) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,164) wrote 164 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 160 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xa0 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 38 of length 164 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15873 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=93 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 06 00 00 ........ .L...... [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 91 03 00 ........ B.%..... 
[040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 004c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000006 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000034 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[39].fn == 0x8153716 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 flags: 00000391 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_auths: 00000004 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001c sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001d num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001f id_auth[1] : 00 [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0020 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0021 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0022 id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0023 id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) [2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd047a] [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000381, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 381 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (381) granted. 
[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_domain: access GRANTED (requested: 0x00000381, granted: 0x000d07fb) [2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[5] [000] 00 00 00 00 08 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15873 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 08 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 39 of length 132 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15937 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=61 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 07 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 07 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
28 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000007 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0001 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x81535a8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 07 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=15937 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 130 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x82 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 40 of length 134 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16001 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28939 (0x710B) smb_bcc=63 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 710b) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ba318 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming 
data = 30 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000016 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 
0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[2].fn == 0x8124081 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 info_class: 0005 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer: 22000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 info_class: 0005 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_dom_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 uni_dom_max_len: 0010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a uni_dom_str_len: 0012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c buffer_dom_name: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 buffer_dom_sid : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unistr2 unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_str_len: 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0020 buffer : M.I.D.E.A.R.T.H. 
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 num_auths: 00000004 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[1] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0038 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0039 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003a id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003b id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 004c status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 18 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 30 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710b name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0068 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000050 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16001 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=105 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 05 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,164) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,164) wrote 164 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 160 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xa0 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 41 of length 164 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16065 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=93 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 08 00 00 ........ .L...... [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 D1 03 00 ........ B.%..... 
[040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 004c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000008 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000034 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[39].fn == 0x8153716 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 flags: 000003d1 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_auths: 00000004 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001c sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001d num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001f id_auth[1] : 00 [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0020 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0021 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0022 id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0023 id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) [2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd047a] [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000381, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 381 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (381) granted. 
[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_domain: access GRANTED (requested: 0x00000381, granted: 0x000d07fb) [2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[5] [000] 00 00 00 00 09 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16065 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 08 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 09 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 42 of length 132 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16129 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=61 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 09 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 08 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
28 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000009 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0001 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x81535a8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 08 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16129 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 130 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x82 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 43 of length 134 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16193 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28939 (0x710B) smb_bcc=63 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 06 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 710b) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ba318 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming 
data = 30 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000006 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000016 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 
0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[2].fn == 0x8124081 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 info_class: 0005 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer: 22000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 info_class: 0005 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_dom_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 uni_dom_max_len: 0010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a uni_dom_str_len: 0012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c buffer_dom_name: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 buffer_dom_sid : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unistr2 unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_str_len: 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0020 buffer : M.I.D.E.A.R.T.H. 
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 num_auths: 00000004 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[1] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0038 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0039 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003a id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003b id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 004c status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 18 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 30 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710b name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0068 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000050 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16193 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=105 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 06 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,164) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,164) wrote 164 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 160 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xa0 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 44 of length 164 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16257 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=93 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 0A 00 00 ........ .L...... [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 F1 03 00 ........ B.%..... 
[040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 004c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000034 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[39].fn == 0x8153716 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 flags: 000003f1 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_auths: 00000004 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001c sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001d num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001f id_auth[1] : 00 [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0020 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0021 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0022 id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0023 id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) [2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd047a] [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000381, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 381 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (381) granted. 
[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_domain: access GRANTED (requested: 0x00000381, granted: 0x000d07fb) [2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[5] [000] 00 00 00 00 0A 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16257 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0A 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 45 of length 132 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16321 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=61 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
28 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0001 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x81535a8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 09 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16321 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 130 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x82 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 46 of length 134 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16385 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28939 (0x710B) smb_bcc=63 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 710b) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ba318 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming 
data = 30 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000007 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000016 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 
0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[2].fn == 0x8124081 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 info_class: 0005 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer: 22000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 info_class: 0005 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_dom_query [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 uni_dom_max_len: 0010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a uni_dom_str_len: 0012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c buffer_dom_name: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 buffer_dom_sid : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unistr2 unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_str_len: 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0020 buffer : M.I.D.E.A.R.T.H. 
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 num_auths: 00000004 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[1] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0038 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0039 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003a id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003b id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 004c status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 18 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 30 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710b name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0068 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000050 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16385 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=105 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 07 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,164) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,164) wrote 164 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 160 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xa0 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 47 of length 164 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16449 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=93 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 0C 00 00 ........ .L...... [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 F3 03 00 ........ B.%..... 
[040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 004c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000c [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000034 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[39].fn == 0x8153716 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 flags: 000003f3 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_auths: 00000004 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001c sid_rev_num: 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001d num_auths : 04 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e id_auth[0] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001f id_auth[1] : 00 [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0020 id_auth[2] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0021 id_auth[3] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0022 id_auth[4] : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0023 id_auth[5] : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) [2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd047a] [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000381, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 381 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (381) granted. 
[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_domain: access GRANTED (requested: 0x00000381, granted: 0x000d07fb) [2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[5] [000] 00 00 00 00 0B 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16449 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 ........ ........ [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 48 of length 132 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16513 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=61 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 0A 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
28 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000d [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0001 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x81535a8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 0A 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16513 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 180 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xb4 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 49 of length 184 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16577 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28939 (0x710B) smb_bcc=113 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 08 00 00 ........ .`...... [020] 00 48 00 00 00 00 00 2C 00 A0 96 14 00 09 00 00 .H....., ........ [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E [040] 00 52 00 4C 00 49 00 4E 00 00 00 00 05 18 00 00 .R.L.I.N ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 28 F4 12 00 0C 00 00 00 02 00 01 00 11 08 00 .(...... ........ [070] 00 . 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=96 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 710b) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ba318 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming 
data = 80 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0060 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000008 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000048 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 
0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 002c [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x8123cd4 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr : 001496a0 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.M.E.R.L.I.N... 
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000022 lsa_io_obj_attr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 len : 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 ptr_root_dir: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c ptr_obj_name: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 attributes : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 ptr_sec_desc: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 ptr_sec_qos : 0012f428 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00003c lsa_io_obj_qos sec_qos [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c len : 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0040 sec_imp_level : 0002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0042 sec_ctxt_mode : 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0043 effective_only: 00 [2005/05/12 14:30:47, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(182) lsa_io_sec_qos: length c does not match size 8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 des_access: 00000811 [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000811, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 811 se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-21-726309263-4128913605-1168186429-512 mask = f0fff, current desired = 10 se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f0fff, current desired = 10 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(314) se_access_check: access (811) denied. [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_open_pol2 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_ACCESS_DENIED [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 826 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 80 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710b 
name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16577 smt_wct=10 smb_vwv[ 0]= 0 
(0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 08 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 22 00 00 ........ .....".. [030] C0 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 180 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xb4 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 50 of length 184 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16641 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28939 (0x710B) smb_bcc=113 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 09 00 00 ........ .`...... [020] 00 48 00 00 00 00 00 2C 00 A0 96 14 00 09 00 00 .H....., ........ [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E [040] 00 52 00 4C 00 49 00 4E 00 00 00 00 05 18 00 00 .R.L.I.N ........ 
[050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 28 F4 12 00 0C 00 00 00 02 00 01 00 03 0B 00 .(...... ........ [070] 00 . [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=96 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 710b) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ba318 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0060 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000009 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 
smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000048 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 002c [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x8123cd4 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr : 001496a0 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.M.E.R.L.I.N... 
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000022 lsa_io_obj_attr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 len : 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 ptr_root_dir: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c ptr_obj_name: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 attributes : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 ptr_sec_desc: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 ptr_sec_qos : 0012f428 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00003c lsa_io_obj_qos sec_qos [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c len : 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0040 sec_imp_level : 0002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0042 sec_ctxt_mode : 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0043 effective_only: 00 [2005/05/12 14:30:47, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(182) lsa_io_sec_qos: length c does not match size 8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 des_access: 00000b03 [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000b03, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = b03 se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-21-726309263-4128913605-1168186429-512 mask = f0fff, current desired = 302 se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f0fff, current desired = 302 [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(314) se_access_check: access (b03) denied. [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_open_pol2 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_ACCESS_DENIED [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 826 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 80 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710b 
name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16641 smt_wct=10 smb_vwv[ 0]= 0 
(0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 22 00 00 ........ .....".. [030] C0 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 180 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xb4 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 51 of length 184 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16705 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28939 (0x710B) smb_bcc=113 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 0A 00 00 ........ .`...... [020] 00 48 00 00 00 00 00 2C 00 A0 96 14 00 09 00 00 .H....., ........ [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E [040] 00 52 00 4C 00 49 00 4E 00 00 00 00 05 18 00 00 .R.L.I.N ........ 
[050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 28 F4 12 00 0C 00 00 00 02 00 01 00 FF 0F 0F .(...... ........ [070] 00 . [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=96 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710b [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 710b) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ba318 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710b name: lsarpc open: Yes len: 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 
[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0060 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 
smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000048 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 002c [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x8123cd4 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr : 001496a0 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.M.E.R.L.I.N... 
[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000022 lsa_io_obj_attr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 len : 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 ptr_root_dir: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c ptr_obj_name: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 attributes : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 ptr_sec_desc: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 ptr_sec_qos : 0012f428 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00003c lsa_io_obj_qos sec_qos [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c len : 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0040 sec_imp_level : 0002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0042 sec_ctxt_mode : 01 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0043 effective_only: 00 [2005/05/12 14:30:47, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(182) lsa_io_sec_qos: length c does not match size 8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 des_access: 000f0fff [2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f0fff, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = f0fff se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-21-726309263-4128913605-1168186429-512 mask = f0fff, current desired = d07fe se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f0fff, current desired = d07fe [2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(314) se_access_check: access (f0fff) denied. [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_open_pol2 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_ACCESS_DENIED [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 826 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 80 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) 
read_from_pipe: 710b name: lsarpc len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16705 
smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 22 00 00 ........ .....".. [030] C0 . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 144 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x90 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 52 of length 148 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16769 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=77 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 0E 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 28 00 00 00 00 00 0B 00 00 .$.....( ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 01 00 45 ........ B.%....E [040] 00 00 00 00 00 00 02 00 00 FF 3F 00 00 ........ ..?.. 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=60 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
44 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 003c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000e [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 44, incoming data = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000024 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0028 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x28 - api_rpcTNP: rpc command: SAMR_QUERY_DISPINFO [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[26].fn == 0x815413d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_query_dispinfo [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 switch_level: 0001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 start_idx : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c max_entries : 00000200 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 max_size : 00003fff [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(802) samr_reply_query_dispinfo: 802 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0B 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(861) samr_reply_query_dispinfo: buffer size limits to only 511 entries [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1133) smbldap_search_paged: base => [ou=People,ou=Users,dc=terpstra-world,dc=org], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1024] [2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) smbldap_search_ext: base => [ou=People,ou=Users,dc=terpstra-world,dc=org], filter => [(&(uid=*)(objectclass=sambaSamAccount))], scope => [2] [2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1172) smbldap_search_paged: search was successfull [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 10] rpc_parse/parse_samr.c:init_sam_dispinfo_1(1525) init_sam_dispinfo_1: num_entries: 6 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) init_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) init_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) init_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) init_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) init_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) init_sam_entry1 [2005/05/12 14:30:47, 5] 
rpc_server/srv_samr_nt.c:_samr_query_dispinfo(949) _samr_query_dispinfo: 949 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_samr_r_query_dispinfo(1966) init_samr_r_query_dispinfo: level 1 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_query_dispinfo [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 total_size : 000000c0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data_size : 00004000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 switch_level: 0001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c num_entries : 00000006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 ptr_entries : 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 num_entries2: 00000006 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 sam_io_sam_dispinfo_1 users [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000018 sam_io_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 user_idx : 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c rid_user : 000001f4 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0020 acb_info : 0010 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unihdr hdr_acct_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 uni_str_len: 0008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 uni_max_len: 0008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_unihdr hdr_user_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002c uni_str_len: 003a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002e uni_max_len: 003a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 buffer : 00000001 [2005/05/12 14:30:47, 
8] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_unihdr hdr_user_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0034 uni_str_len: 001e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0036 uni_max_len: 001e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00003c sam_io_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c user_idx : 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 rid_user : 00000bb8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0044 acb_info : 0010 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_unihdr hdr_acct_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0048 uni_str_len: 0006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 004a uni_max_len: 0006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_unihdr hdr_user_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0050 uni_str_len: 001c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0052 uni_max_len: 001c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_unihdr hdr_user_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0058 uni_str_len: 001e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 005a uni_max_len: 001e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 005c buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000060 sam_io_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0060 user_idx : 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 rid_user : 
00000bbc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0068 acb_info : 0010 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00006c smb_io_unihdr hdr_acct_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006c uni_str_len: 0006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006e uni_max_len: 0006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0070 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000074 smb_io_unihdr hdr_user_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0074 uni_str_len: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0076 uni_max_len: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0078 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00007c smb_io_unihdr hdr_user_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 007c uni_str_len: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 007e uni_max_len: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0080 buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000084 sam_io_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0084 user_idx : 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0088 rid_user : 00000bbe [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 008c acb_info : 0010 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000090 smb_io_unihdr hdr_acct_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0090 uni_str_len: 0006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0092 uni_max_len: 0006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0094 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000098 smb_io_unihdr hdr_user_desc [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) 0098 uni_str_len: 000e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009a uni_max_len: 000e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 009c buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000a0 smb_io_unihdr hdr_user_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00a0 uni_str_len: 000e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00a2 uni_max_len: 000e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a4 buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000a8 sam_io_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a8 user_idx : 00000005 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ac rid_user : 00000bc0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00b0 acb_info : 0010 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000b4 smb_io_unihdr hdr_acct_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00b4 uni_str_len: 0006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00b6 uni_max_len: 0006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b8 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000bc smb_io_unihdr hdr_user_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00bc uni_str_len: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00be uni_max_len: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c0 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000c4 smb_io_unihdr hdr_user_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00c4 uni_str_len: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00c6 uni_max_len: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c8 buffer : 00000001 
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000cc sam_io_sam_entry1 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00cc user_idx : 00000006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d0 rid_user : 00000bc6 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00d4 acb_info : 0010 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000d8 smb_io_unihdr hdr_acct_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00d8 uni_str_len: 0012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00da uni_max_len: 0012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00dc buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000e0 smb_io_unihdr hdr_user_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00e0 uni_str_len: 0014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00e2 uni_max_len: 0014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e4 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000e8 smb_io_unihdr hdr_user_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00e8 uni_str_len: 001e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00ea uni_max_len: 001e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ec buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000f0 sam_io_sam_str1 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000f0 smb_io_unistr2 name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f0 uni_max_len: 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f4 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f8 uni_str_len: 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00fc buffer : r.o.o.t. 
[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000104 smb_io_unistr2 desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0104 uni_max_len: 0000001d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0108 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 010c uni_str_len: 0000001d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0110 buffer : L.D.A.P. .B.a.s.e.d. .S.u.p.e.r. .U.s.e.r. .A.c.c.o.u.n.t. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00014a smb_io_unistr2 full [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 014c uni_max_len: 0000000f [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0150 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0154 uni_str_len: 0000000f [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0158 buffer : S.y.s.t.e.m. .B.o.s.s. .M.a.n. [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000176 sam_io_sam_str1 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000178 smb_io_unistr2 name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0178 uni_max_len: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 017c offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0180 uni_str_len: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0184 buffer : j.h.t. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00018a smb_io_unistr2 desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 018c uni_max_len: 0000000e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0190 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0194 uni_str_len: 0000000e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0198 buffer : B.i.g. .S.l.e.u.t.h. .M.a.n. 
[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0001b4 smb_io_unistr2 full [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01b4 uni_max_len: 0000000f [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01b8 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01bc uni_str_len: 0000000f [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 01c0 buffer : J.o.h.n. .H. .T.e.r.p.s.t.r.a. [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0001de sam_io_sam_str1 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0001e0 smb_io_unistr2 name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01e0 uni_max_len: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01e4 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01e8 uni_str_len: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 01ec buffer : l.c.t. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0001f2 smb_io_unistr2 desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01f4 uni_max_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01f8 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01fc uni_str_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0200 buffer : W.o.n.d.e.r. .W.o.m.a.n. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000218 smb_io_unistr2 full [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0218 uni_max_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 021c offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0220 uni_str_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0224 buffer : W.o.n.d.e.r. .W.o.m.a.n. 
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00023c sam_io_sam_str1 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00023c smb_io_unistr2 name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 023c uni_max_len: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0240 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0244 uni_str_len: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0248 buffer : a.j.t. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00024e smb_io_unistr2 desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0250 uni_max_len: 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0254 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0258 uni_str_len: 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 025c buffer : B.i.g. .M.a.n. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00026a smb_io_unistr2 full [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 026c uni_max_len: 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0270 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0274 uni_str_len: 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0278 buffer : B.i.g. .M.a.n. [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000286 sam_io_sam_str1 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000288 smb_io_unistr2 name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0288 uni_max_len: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 028c offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0290 uni_str_len: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0294 buffer : m.e.t. 
[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00029a smb_io_unistr2 desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 029c uni_max_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02a0 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02a4 uni_str_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 02a8 buffer : K.a.r.a.t.e. .M.i.s.s.y. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0002c0 smb_io_unistr2 full [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02c0 uni_max_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02c4 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02c8 uni_str_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 02cc buffer : K.a.r.a.t.e. .M.i.s.s.y. [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0002e4 sam_io_sam_str1 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0002e4 smb_io_unistr2 name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02e4 uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02e8 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02ec uni_str_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 02f0 buffer : v.l.e.n.d.e.c.k.e. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000302 smb_io_unistr2 desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0304 uni_max_len: 0000000a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0308 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 030c uni_str_len: 0000000a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0310 buffer : G.u.e.s.t. .U.s.e.r. 
[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000324 smb_io_unistr2 full [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0324 uni_max_len: 0000000f [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0328 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 032c uni_str_len: 0000000f [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0330 buffer : V.o.l.k.e.r. .L.e.n.d.e.c.k.e. [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0350 status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 962 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 44 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 852. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 036c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000354 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..876] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=932 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16769 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 876 (0x36C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 876 (0x36C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=877 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 6C 03 00 00 0E 00 00 ........ .l...... [010] 00 54 03 00 00 00 00 00 00 C0 00 00 00 00 40 00 .T...... ......@. [020] 00 01 00 00 00 06 00 00 00 01 00 00 00 06 00 00 ........ ........ [030] 00 01 00 00 00 F4 01 00 00 10 00 00 00 08 00 08 ........ ........ [040] 00 01 00 00 00 3A 00 3A 00 01 00 00 00 1E 00 1E .....:.: ........ [050] 00 01 00 00 00 02 00 00 00 B8 0B 00 00 10 00 00 ........ ........ [060] 00 06 00 06 00 01 00 00 00 1C 00 1C 00 01 00 00 ........ ........ [070] 00 1E 00 1E 00 01 00 00 00 03 00 00 00 BC 0B 00 ........ ........ [080] 00 10 00 00 00 06 00 06 00 01 00 00 00 18 00 18 ........ ........ [090] 00 01 00 00 00 18 00 18 00 01 00 00 00 04 00 00 ........ ........ [0A0] 00 BE 0B 00 00 10 00 00 00 06 00 06 00 01 00 00 ........ ........ [0B0] 00 0E 00 0E 00 01 00 00 00 0E 00 0E 00 01 00 00 ........ ........ [0C0] 00 05 00 00 00 C0 0B 00 00 10 00 00 00 06 00 06 ........ ........ [0D0] 00 01 00 00 00 18 00 18 00 01 00 00 00 18 00 18 ........ ........ [0E0] 00 01 00 00 00 06 00 00 00 C6 0B 00 00 10 00 00 ........ ........ [0F0] 00 12 00 12 00 01 00 00 00 14 00 14 00 01 00 00 ........ ........ [100] 00 1E 00 1E 00 01 00 00 00 04 00 00 00 00 00 00 ........ ........ [110] 00 04 00 00 00 72 00 6F 00 6F 00 74 00 1D 00 00 .....r.o .o.t.... [120] 00 00 00 00 00 1D 00 00 00 4C 00 44 00 41 00 50 ........ .L.D.A.P [130] 00 20 00 42 00 61 00 73 00 65 00 64 00 20 00 53 . .B.a.s .e.d. .S [140] 00 75 00 70 00 65 00 72 00 20 00 55 00 73 00 65 .u.p.e.r . .U.s.e [150] 00 72 00 20 00 41 00 63 00 63 00 6F 00 75 00 6E .r. .A.c .c.o.u.n [160] 00 74 00 00 00 0F 00 00 00 00 00 00 00 0F 00 00 .t...... ........ [170] 00 53 00 79 00 73 00 74 00 65 00 6D 00 20 00 42 .S.y.s.t .e.m. .B [180] 00 6F 00 73 00 73 00 20 00 4D 00 61 00 6E 00 00 .o.s.s. .M.a.n.. [190] 00 03 00 00 00 00 00 00 00 03 00 00 00 6A 00 68 ........ .....j.h [1A0] 00 74 00 00 00 0E 00 00 00 00 00 00 00 0E 00 00 .t...... 
........ [1B0] 00 42 00 69 00 67 00 20 00 53 00 6C 00 65 00 75 .B.i.g. .S.l.e.u [1C0] 00 74 00 68 00 20 00 4D 00 61 00 6E 00 0F 00 00 .t.h. .M .a.n.... [1D0] 00 00 00 00 00 0F 00 00 00 4A 00 6F 00 68 00 6E ........ .J.o.h.n [1E0] 00 20 00 48 00 20 00 54 00 65 00 72 00 70 00 73 . .H. .T .e.r.p.s [1F0] 00 74 00 72 00 61 00 00 00 03 00 00 00 00 00 00 .t.r.a.. ........ [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,936) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,936) wrote 936 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 136 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x88 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 53 of length 140 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16833 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=69 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 0F 00 00 ........ .4...... [020] 00 1C 00 00 00 00 00 0F 00 00 00 00 00 0B 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [040] 00 FF FF 00 00 ..... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 52 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
36 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0034 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000f [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000001c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 000f [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0xf - api_rpcTNP: rpc command: SAMR_ENUM_DOM_ALIASES [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[6].fn == 0x8153fcc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_enum_dom_aliases [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 start_idx: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 max_size : 0000ffff [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0B 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_enum_dom_aliases: access check ((granted: 0x000d07fb; required: 0x00000100) [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_enum_dom_aliases(745) samr_reply_enum_dom_aliases: sid S-1-5-21-726309263-4128913605-1168186429 [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1133) smbldap_search_paged: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4))],scope => [2], pagesize => [1024] [2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4))], scope => [2] [2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1172) smbldap_search_paged: search was successfull [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of 
user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_samr_r_enum_dom_aliases(3382) init_samr_r_enum_dom_aliases [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_enum_dom_aliases(774) samr_enum_dom_aliases: 774 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_enum_dom_aliases [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 next_idx : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr_entries1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_entries4: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 000c status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 36 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0028 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000f [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..40] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16833 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=41 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0F 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 ........ . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,100) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,100) wrote 100 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 136 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x88 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 54 of length 140 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16897 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=69 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 10 00 00 ........ .4...... [020] 00 1C 00 00 00 00 00 0F 00 00 00 00 00 05 00 00 ........ ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [040] 00 FF FF 00 00 ..... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 52 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
36 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0034 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000010 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000001c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 000f [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0xf - api_rpcTNP: rpc command: SAMR_ENUM_DOM_ALIASES [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[6].fn == 0x8153fcc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_enum_dom_aliases [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000005 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 start_idx: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 max_size : 0000ffff [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 05 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_enum_dom_aliases: access check ((granted: 0x000d07fa; required: 0x00000100) [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_enum_dom_aliases(745) samr_reply_enum_dom_aliases: sid S-1-5-32 [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1133) smbldap_search_paged: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=5))],scope => [2], pagesize => [1024] [2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=5))], scope => [2] [2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1172) smbldap_search_paged: search was successfull [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and 
contains 0 supplementary groups [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_samr_r_enum_dom_aliases(3382) init_samr_r_enum_dom_aliases [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_enum_dom_aliases(774) samr_enum_dom_aliases: 774 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_enum_dom_aliases [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 next_idx : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr_entries1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_entries4: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 000c status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 36 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0028 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..40] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16897 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=41 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 10 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 ........ . [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,100) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,100) wrote 100 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 144 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x90 [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 55 of length 148 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16961 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=77 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 11 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 30 00 00 00 00 00 0B 00 00 .$.....0 ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 03 00 00 ........ B.%..... [040] 00 00 00 00 00 D0 07 00 00 FF 7F 00 00 ........ ..... 
[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=60 params=0 setup=2 [2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
44 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 003c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000011 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 44, incoming data = 44 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000024 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0030 [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x30 - api_rpcTNP: rpc command: SAMR_QUERY_DISPINFO3 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[27].fn == 0x815413d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_query_dispinfo [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 switch_level: 0003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 start_idx : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c max_entries : 000007d0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 max_size : 00007fff [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(802) samr_reply_query_dispinfo: 802 [2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0B 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(849) samr_reply_query_dispinfo: client requested 2000 entries, limiting to 1024 [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(861) samr_reply_query_dispinfo: buffer size limits to only 1023 entries [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1133) smbldap_search_paged: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=2))],scope => [2], pagesize => [1024] [2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=2))], scope => [2] [2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1172) smbldap_search_paged: search was successfull [2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_dispinfo_3(1704) init_sam_dispinfo_3: num_entries: 8 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) init_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) init_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) init_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) init_sam_entry3 [2005/05/12 14:30:47, 5] 
rpc_parse/parse_samr.c:init_sam_entry3(1168) init_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) init_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) init_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) init_sam_entry3 [2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(949) _samr_query_dispinfo: 949 [2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_samr_r_query_dispinfo(1966) init_samr_r_query_dispinfo: level 3 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_query_dispinfo [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 total_size : 00000100 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data_size : 00008000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 switch_level: 0003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c num_entries : 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 ptr_entries : 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 num_entries2: 00000008 [2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 sam_io_sam_dispinfo_3 groups [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000018 sam_io_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 grp_idx: 00000001 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c rid_grp: 00000200 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 attr : 00000007 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 uni_str_len: 001a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 uni_max_len: 001a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 buffer : 00000001 [2005/05/12 14:30:47, 8] 
rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002c uni_str_len: 003a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002e uni_max_len: 003a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 sam_io_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 grp_idx: 00000002 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 rid_grp: 00000201 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c attr : 00000007 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0040 uni_str_len: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0042 uni_max_len: 0018 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0048 uni_str_len: 0028 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 004a uni_max_len: 0028 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000050 sam_io_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 grp_idx: 00000003 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 rid_grp: 00000202 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0058 attr : 00000007 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00005c smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 005c uni_str_len: 001a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 005e uni_max_len: 001a [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 0060 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000064 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0064 uni_str_len: 0036 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0066 uni_max_len: 0036 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0068 buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00006c sam_io_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 006c grp_idx: 00000004 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0070 rid_grp: 00000226 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0074 attr : 00000007 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000078 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0078 uni_str_len: 001e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 007a uni_max_len: 001e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 007c buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000080 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0080 uni_str_len: 003c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0082 uni_max_len: 003c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0084 buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000088 sam_io_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0088 grp_idx: 00000005 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 008c rid_grp: 00000227 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0090 attr : 00000007 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000094 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0094 uni_str_len: 0020 [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) 0096 uni_max_len: 0020 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0098 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00009c smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009c uni_str_len: 0080 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009e uni_max_len: 0080 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a0 buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000a4 sam_io_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a4 grp_idx: 00000006 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a8 rid_grp: 00000228 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ac attr : 00000007 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000b0 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00b0 uni_str_len: 0014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00b2 uni_max_len: 0014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b4 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000b8 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00b8 uni_str_len: 007a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00ba uni_max_len: 007a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00bc buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000c0 sam_io_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c0 grp_idx: 00000007 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c4 rid_grp: 00000229 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c8 attr : 00000007 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000cc smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) 00cc uni_str_len: 0020 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00ce uni_max_len: 0020 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d0 buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000d4 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00d4 uni_str_len: 0042 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00d6 uni_max_len: 0042 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d8 buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000dc sam_io_sam_entry3 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00dc grp_idx: 00000008 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e0 rid_grp: 00000bb9 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e4 attr : 00000007 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000e8 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00e8 uni_str_len: 0012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00ea uni_max_len: 0012 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ec buffer : 00000001 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000f0 smb_io_unihdr unihdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00f0 uni_str_len: 0022 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00f2 uni_max_len: 0022 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f4 buffer : 00000001 [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000f8 sam_io_sam_str3 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000f8 smb_io_unistr2 uni_grp_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f8 uni_max_len: 0000000d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00fc offset : 00000000 [2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 0100 uni_str_len: 0000000d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0104 buffer : D.o.m.a.i.n. .A.d.m.i.n.s. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00011e smb_io_unistr2 uni_grp_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0120 uni_max_len: 0000001d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0124 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0128 uni_str_len: 0000001d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 012c buffer : N.e.t.B.I.O.S. .D.o.m.a.i.n. .A.d.m.i.n.i.s.t.r.a.t.o.r.s. [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000166 sam_io_sam_str3 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000168 smb_io_unistr2 uni_grp_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0168 uni_max_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 016c offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0170 uni_str_len: 0000000c [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0174 buffer : D.o.m.a.i.n. .U.s.e.r.s. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00018c smb_io_unistr2 uni_grp_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 018c uni_max_len: 00000014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0190 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0194 uni_str_len: 00000014 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0198 buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .U.s.e.r.s. 
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0001c0 sam_io_sam_str3 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0001c0 smb_io_unistr2 uni_grp_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01c0 uni_max_len: 0000000d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01c4 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01c8 uni_str_len: 0000000d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 01cc buffer : D.o.m.a.i.n. .G.u.e.s.t.s. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0001e6 smb_io_unistr2 uni_grp_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01e8 uni_max_len: 0000001b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01ec offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01f0 uni_str_len: 0000001b [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 01f4 buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .G.u.e.s.t.s. .U.s.e.r.s. [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00022a sam_io_sam_str3 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00022c smb_io_unistr2 uni_grp_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 022c uni_max_len: 0000000f [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0230 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0234 uni_str_len: 0000000f [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0238 buffer : P.r.i.n.t. .O.p.e.r.a.t.o.r.s. 
[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000256 smb_io_unistr2 uni_grp_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0258 uni_max_len: 0000001e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 025c offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0260 uni_str_len: 0000001e [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0264 buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .P.r.i.n.t. .O.p.e.r.a.t.o.r.s. [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0002a0 sam_io_sam_str3 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0002a0 smb_io_unistr2 uni_grp_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02a0 uni_max_len: 00000010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02a4 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02a8 uni_str_len: 00000010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 02ac buffer : B.a.c.k.u.p. .O.p.e.r.a.t.o.r.s. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 0002cc smb_io_unistr2 uni_grp_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02cc uni_max_len: 00000040 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02d0 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 02d4 uni_str_len: 00000040 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 02d8 buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .M.e.m.b.e.r.s. .c.a.n. .b.y.p.a.s.s. .f.i.l.e. .s.e.c.u.r.i.t.y. .t.o. .b.a.c.k. .u.p. .f.i.l.e.s. 
[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 000358 sam_io_sam_str3 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000358 smb_io_unistr2 uni_grp_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0358 uni_max_len: 0000000a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 035c offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0360 uni_str_len: 0000000a [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0364 buffer : R.e.p.l.i.c.a.t.o.r. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000378 smb_io_unistr2 uni_grp_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0378 uni_max_len: 0000003d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 037c offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0380 uni_str_len: 0000003d [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0384 buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .S.u.p.p.o.r.t.s. .f.i.l.e. .r.e.p.l.i.c.a.t.i.o.n. .i.n. .a. .s.a.m.b.a.D.o.m.a.i.n.N.a.m.e. [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 0003fe sam_io_sam_str3 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 000400 smb_io_unistr2 uni_grp_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0400 uni_max_len: 00000010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0404 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0408 uni_str_len: 00000010 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 040c buffer : D.o.m.a.i.n. .C.o.m.p.u.t.e.r.s. 
[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00042c smb_io_unistr2 uni_grp_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 042c uni_max_len: 00000021 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0430 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0434 uni_str_len: 00000021 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0438 buffer : N.e.t.B.I.O.S. .D.o.m.a.i.n. .C.o.m.p.u.t.e.r.s. .a.c.c.o.u.n.t.s. [2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) 00047a sam_io_sam_str3 [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00047c smb_io_unistr2 uni_grp_name [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 047c uni_max_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0480 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0484 uni_str_len: 00000009 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0488 buffer : E.n.g.i.n.e.e.r.s. [2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) 00049a smb_io_unistr2 uni_grp_desc [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 049c uni_max_len: 00000011 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 04a0 offset : 00000000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 04a4 uni_str_len: 00000011 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 04a8 buffer : D.o.m.a.i.n. .U.n.i.x. .g.r.o.u.p. 
[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 04cc status: NT_STATUS_OK [2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 1350 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 44 [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1024 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 1232. [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 04e8 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000011 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 000004d0 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:47, 
5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:47, 5] smbd/ipc.c:send_trans_reply(89) send_trans_reply: buffer 1024 too large [2005/05/12 14:30:47, 3] smbd/error.c:error_packet(147) error packet at smbd/ipc.c(97) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..1024] [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=16961 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013)
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,1084) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,1084) wrote 1084 [2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 59 [2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x3b [2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) Transaction 56 of length 63 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=17025 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28938 (0x710A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 232 (0xE8) smb_vwv[ 6]= 232 (0xE8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 232 (0xE8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) switch message SMBreadX (pid 9712) conn 0x83b6eac [2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 232 [2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: samr: current_pdu_len = 1256, current_pdu_sent = 1024 returning 232 bytes. 
[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=710a min=232 max=232 nread=232 [2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) size=291 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=17025 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 232 (0xE8) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=232 [2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013)
[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) write_socket(29,295) [2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) write_socket(29,295) wrote 295 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 136 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x88 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 57 of length 140 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17089 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=69 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 12 00 00 ........ .4...... [020] 00 1C 00 00 00 00 00 22 00 00 00 00 00 0B 00 00 ......." ........ [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 BF 01 06 ........ B.%..... [040] 00 C6 0B 00 00 ..... 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
36 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0034 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000012 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000001c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0022 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPEN_USER [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[20].fn == 0x8154894 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_user [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000b [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f7 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 access_mask: 000601bf [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 user_rid : 00000bc6 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0B 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_user: access check ((granted: 0x000d07fb; required: 0x00000200) [2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd04e4] [2005/05/12 14:30:49, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x0002011b, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 2035b, current desired = 2011b [2005/05/12 14:30:49, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2011b) granted. 
[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_user: access GRANTED (requested: 0x0002011b, granted: 0x000f05ff) [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:49, 5] lib/smbldap.c:smbldap_search_ext(1042) smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(sambaSID=S-1-5-21-726309263-4128913605-1168186429-3014)(objectclass=sambaSamAccount))], scope => [2] [2005/05/12 14:30:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: vlendecke [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain MIDEARTH, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) 
pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name Volker Lendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive H:, was NULL [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script scripts\login.cmd, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was [2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) smbldap_get_single_attribute: [sambaUserWorkstations] = [] [2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) smbldap_get_single_attribute: [sambaMungedDial] = [] [2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) smbldap_get_single_attribute: [sambaLogonHours] = [] [2005/05/12 14:30:49, 7] passdb/login_cache.c:login_cache_read(83) Looking up login cache for user vlendecke [2005/05/12 14:30:49, 7] passdb/login_cache.c:login_cache_read(97) No cache entry found [2005/05/12 14:30:49, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) No cache entry, bad count = 0, bad time = 0 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) 
get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[5] [000] 00 00 00 00 0C 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_user [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd user_pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 1680 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 36 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000012 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17089 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 12 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 ........ ........ [020] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 58 of length 132 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17153 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=61 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 13 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 0C 00 00 ........ ........ [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 ........ B.%.. 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 44 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
28 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000013 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000014 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0001 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[0].fn == 0x81535a8 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0C 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:49, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000013 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17153 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 13 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 164 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xa4 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 59 of length 168 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17217 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=97 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 14 00 00 ........ .P...... [020] 00 38 00 00 00 00 00 40 00 78 BC 14 00 09 00 00 .8.....@ .x...... [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E [040] 00 52 00 4C 00 49 00 4E 00 00 00 00 00 30 00 00 .R.L.I.N .....0.. [050] 00 01 00 00 00 01 00 00 00 03 00 00 00 00 00 00 ........ ........ [060] 00 . 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=80 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 80 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
64 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0050 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000014 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 64, incoming data = 64 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000038 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0040 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x40 - unknown [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 23 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0020 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000014 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_hdr_fault fault [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0018 status : 
NT code 0x1c010002 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c reserved: 00000000 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 64 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: samr: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17217 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 14 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . 
[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,92) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,92) wrote 92 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 152 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x98 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 60 of length 156 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17281 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=85 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 44 00 00 00 15 00 00 ........ .D...... [020] 00 2C 00 00 00 00 00 3E 00 78 BC 14 00 09 00 00 .,.....> .x...... [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E [040] 00 52 00 4C 00 49 00 4E 00 00 00 00 00 02 00 00 .R.L.I.N ........ [050] 00 30 00 00 00 .0... 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=68 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 68 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 68 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
52 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000015 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 52, incoming data = 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000002c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 003e [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[47].fn == 0x81552b4 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_connect4 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr_srv_name: 0014bc78 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000009 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000009 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.M.E.R.L.I.N... [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 unk_0: 00000002 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 access_mask: 00000030 [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2205) _samr_connect4: 2205 [2005/05/12 14:30:49, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000030, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 30 [2005/05/12 14:30:49, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (30) granted. [2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_connect4: access GRANTED (requested: 0x00000030, granted: 0x00000030) [2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid (NULL) [2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(246) get_samr_info_by_sid: created new info for NULL sid. [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[5] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2237) _samr_connect: 2237 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_connect4 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd connect_pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000d [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 974 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 52 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000015 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17281 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 15 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [020] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 136 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x88 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 61 of length 140 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17345 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=69 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 16 00 00 ........ .4...... [020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 0D 00 00 ........ ........ [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [040] 00 00 20 00 00 .. .. 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
36 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0034 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000016 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000001c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0006 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[3].fn == 0x81555a9 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_enum_domains [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000d [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 start_idx: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 max_size : 00002000 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_enum_domains: access check ((granted: 0x00000030; required: 0x00000010) [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2292) make_enum_domains [2005/05/12 14:30:49, 10] rpc_parse/parse_samr.c:init_sam_entry(1291) init_sam_entry: 0 [2005/05/12 14:30:49, 10] rpc_parse/parse_samr.c:init_sam_entry(1291) init_sam_entry: 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3109) init_samr_r_enum_domains [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_enum_domains [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 next_idx : 00000002 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr_entries1: 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_entries2: 00000002 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c ptr_entries2: 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 num_entries3: 00000002 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000014 sam_io_sam_entry dom[0] [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 rid: 00000000 [2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_unihdr unihdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0018 uni_str_len: 0010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001a uni_max_len: 0010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c buffer : 00000001 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 sam_io_sam_entry dom[1] [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 rid: 00000000 [2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unihdr unihdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 uni_str_len: 000e [2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) 0026 uni_max_len: 000e [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 buffer : 00000001 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_unistr2 dom[0] [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c uni_max_len: 00000008 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 uni_str_len: 00000008 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0038 buffer : M.I.D.E.A.R.T.H. [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_unistr2 dom[1] [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0048 uni_max_len: 00000007 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 uni_str_len: 00000007 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0054 buffer : B.u.i.l.t.i.n. [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 num_entries4: 00000002 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0068 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 90 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 36 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 108. 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0084 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000016 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 0000006c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..132] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=188 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17345 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 132 (0x84) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 132 (0x84) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=133 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 84 00 00 00 16 00 00 ........ ........ [010] 00 6C 00 00 00 00 00 00 00 02 00 00 00 01 00 00 .l...... ........ [020] 00 02 00 00 00 01 00 00 00 02 00 00 00 00 00 00 ........ ........ [030] 00 10 00 10 00 01 00 00 00 00 00 00 00 0E 00 0E ........ ........ [040] 00 01 00 00 00 08 00 00 00 00 00 00 00 08 00 00 ........ ........ [050] 00 4D 00 49 00 44 00 45 00 41 00 52 00 54 00 48 .M.I.D.E .A.R.T.H [060] 00 07 00 00 00 00 00 00 00 07 00 00 00 42 00 75 ........ .....B.u [070] 00 69 00 6C 00 74 00 69 00 6E 00 00 00 02 00 00 .i.l.t.i .n...... [080] 00 00 00 00 00 ..... [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,192) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,192) wrote 192 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 164 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xa4 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 62 of length 168 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17409 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=97 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 17 00 00 ........ .P...... [020] 00 38 00 00 00 00 00 05 00 00 00 00 00 0D 00 00 .8...... ........ 
[030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 10 00 10 ........ B.%..... [040] 00 30 BE 14 00 08 00 00 00 00 00 00 00 08 00 00 .0...... ........ [050] 00 4D 00 49 00 44 00 45 00 41 00 52 00 54 00 48 .M.I.D.E .A.R.T.H [060] 00 . [2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=80 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 80 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0050 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000017 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 64, incoming data = 64 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000038 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0005 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[41].fn == 0x8155422 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_lookup_domain [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd connect_pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000d [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unihdr hdr_domain [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 uni_str_len: 0010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 uni_max_len: 0010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 buffer : 0014be30 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_unistr2 uni_domain [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_max_len: 00000008 [2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 0020 offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 uni_str_len: 00000008 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0028 buffer : M.I.D.E.A.R.T.H. [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_lookup_domain: access check ((granted: 0x00000030; required: 0x00000020) [2005/05/12 14:30:49, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2274) Returning domain sid for domain MIDEARTH -> S-1-5-21-726309263-4128913605-1168186429 [2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(138) init_samr_r_lookup_domain [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_lookup_domain [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr: 00000001 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_dom_sid2 sid [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 num_auths: 00000004 [2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_dom_sid sid [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0008 sid_rev_num: 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0009 num_auths : 04 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000a id_auth[0] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000b id_auth[1] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000c id_auth[2] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000d id_auth[3] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000e id_auth[4] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000f id_auth[5] : 05 [2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32s(896) 0010 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0020 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 64 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 003c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000017 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000024 [2005/05/12 
14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..60] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17409 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 17 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 04 00 00 .$...... ........ [020] 00 01 04 00 00 00 00 00 05 15 00 00 00 8F 99 4A ........ .......J [030] 2B C5 38 1A F6 3D 1C A1 45 00 00 00 00 +.8..=.. E.... 
[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,120) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,120) wrote 120 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 160 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xa0 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 63 of length 164 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17473 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=93 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 18 00 00 ........ .L...... [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 .4...... ........ [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 02 00 ........ B.%..... [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. 
.=..E [2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 76 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming 
data = 60 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 004c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000018 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000034 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 
0004 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[39].fn == 0x8153716 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000d [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 flags: 00000200 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_auths: 00000004 [2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001c sid_rev_num: 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001d num_auths : 04 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e id_auth[0] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001f id_auth[1] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0020 id_auth[2] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0021 id_auth[3] : 00 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0022 id_auth[4] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0023 id_auth[5] : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) [2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd047a] [2005/05/12 14:30:49, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000200, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 200 [2005/05/12 14:30:49, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (200) granted. 
[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_domain: access GRANTED (requested: 0x00000200, granted: 0x000d067a) [2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[6] [000] 00 00 00 00 0E 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000e [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000018 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17473 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 18 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 ........ ........ [020] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 148 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x94 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 64 of length 152 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17537 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=81 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 40 00 00 00 19 00 00 ........ .@...... [020] 00 28 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 .(...... ........ [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 80 02 00 ........ B.%..... [040] 00 01 00 00 00 01 01 00 00 00 00 00 05 20 00 00 ........ ..... .. [050] 00 . 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=64 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 64 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 48 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
48 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0040 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000019 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 48 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 48, incoming data = 48 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000028 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[39].fn == 0x8153716 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000d [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 flags: 00000280 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_auths: 00000001 [2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001c sid_rev_num: 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001d num_auths : 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e id_auth[0] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001f id_auth[1] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0020 id_auth[2] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0021 id_auth[3] : 00 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0022 id_auth[4] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0023 id_auth[5] : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0024 sub_auths : 00000020 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) [2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd047a] [2005/05/12 14:30:49, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000280, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 280 [2005/05/12 14:30:49, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (280) granted. 
[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_domain: access GRANTED (requested: 0x00000280, granted: 0x000d06fa) [2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-32 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[7] [000] 00 00 00 00 0F 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000f [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 48 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000019 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17537 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 19 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 ........ ........ [020] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 182 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xb6 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 65 of length 186 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=182 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17601 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 98 (0x62) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 98 (0x62) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=115 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 62 00 00 00 1A 00 00 ........ .b...... [020] 00 4A 00 00 00 00 00 11 00 00 00 00 00 0E 00 00 .J...... ........ [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 01 00 00 ........ B.%..... [040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 12 00 14 ........ ........ [050] 00 08 6F 32 00 0A 00 00 00 00 00 00 00 09 00 00 ..o2.... ........ [060] 00 76 00 6C 00 65 00 6E 00 64 00 65 00 63 00 6B .v.l.e.n .d.e.c.k [070] 00 65 00 .e. 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=98 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 98 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 98 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 98 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 98, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 82 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
82 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0062 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 82 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 82, incoming data = 82 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000004a [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0011 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[19].fn == 0x8154418 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_lookup_names [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000e [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 num_names1: 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 flags : 000003e8 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c ptr : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 num_names2: 00000001 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unihdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 uni_str_len: 0012 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 uni_max_len: 0014 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 buffer : 00326f08 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_unistr2 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c 
uni_max_len: 0000000a [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 uni_str_len: 00000009 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0038 buffer : v.l.e.n.d.e.c.k.e. [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1088) _samr_lookup_names: 1088 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 0E 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_lookup_names: access check ((granted: 0x000d067a; required: 0000000000) [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1107) _samr_lookup_names: looking name on SID S-1-5-21-726309263-4128913605-1168186429 [2005/05/12 14:30:49, 10] passdb/util_sam_sid.c:map_name_to_wellknown_sid(289) map_name_to_wellknown_sid: looking up vlendecke [2005/05/12 14:30:49, 4] lib/username.c:map_username(132) Scanning username map /etc/samba/smbusers [2005/05/12 14:30:49, 10] lib/username.c:user_in_list(529) user_in_list: checking user vlendecke in list [2005/05/12 14:30:49, 10] lib/username.c:user_in_list(533) user_in_list: checking user |vlendecke| against |administrator| [2005/05/12 14:30:49, 10] lib/username.c:user_in_list(533) user_in_list: checking user |vlendecke| against |admin| [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and 
contains 0 supplementary groups [2005/05/12 14:30:49, 5] lib/smbldap.c:smbldap_search_ext(1042) smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=vlendecke)(objectclass=sambaSamAccount))], scope => [2] [2005/05/12 14:30:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: vlendecke [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain MIDEARTH, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name Volker Lendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive H:, was NULL [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script scripts\login.cmd, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path 
\\MERLIN\profiles\vlendecke, was [2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) smbldap_get_single_attribute: [sambaUserWorkstations] = [] [2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) smbldap_get_single_attribute: [sambaMungedDial] = [] [2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) smbldap_get_single_attribute: [sambaLogonHours] = [] [2005/05/12 14:30:49, 7] passdb/login_cache.c:login_cache_read(83) Looking up login cache for user vlendecke [2005/05/12 14:30:49, 7] passdb/login_cache.c:login_cache_read(97) No cache entry found [2005/05/12 14:30:49, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) No cache entry, bad count = 0, bad time = 0 [2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain MIDEARTH, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name Volker Lendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive H:, was NULL [2005/05/12 14:30:49, 10] 
passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script scripts\login.cmd, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 from rid 3014 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 [2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 from rid 513 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4691) init_samr_r_lookup_names [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1151) _samr_lookup_names: 1151 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_lookup_names [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 num_rids1: 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr_rids : 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_rids2: 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c rid[00] : 00000bc6 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 num_types1: 00000001 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 ptr_types : 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_types2: 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c type[00] : 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0020 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 82 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 003c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001a [2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000024 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..60] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17601 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 1A 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .$...... ........ [020] 00 01 00 00 00 C6 0B 00 00 01 00 00 00 01 00 00 ........ ........ [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... 
[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,120) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,120) wrote 120 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 136 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x88 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 66 of length 140 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17665 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=69 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 1B 00 00 ........ .4...... [020] 00 1C 00 00 00 00 00 22 00 00 00 00 00 0E 00 00 ......." ........ [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 1B 01 02 ........ B.%..... [040] 00 C6 0B 00 00 ..... 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
36 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0034 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001b [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000001c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0022 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPEN_USER [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[20].fn == 0x8154894 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_user [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000e [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 access_mask: 0002011b [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 user_rid : 00000bc6 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 0E 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_user: access check ((granted: 0x000d067a; required: 0x00000200) [2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) access_check_samr_object: user rights access mask [0xd04e4] [2005/05/12 14:30:49, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x0002011b, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. [2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 2035b, current desired = 2011b [2005/05/12 14:30:49, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2011b) granted. 
[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_user: access GRANTED (requested: 0x0002011b, granted: 0x000f05ff) [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain MIDEARTH, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name Volker Lendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive H:, was NULL [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script scripts\login.cmd, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2005/05/12 14:30:49, 10] 
lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 from rid 3014 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 [2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 from rid 513 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[8] [000] 00 00 00 00 10 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_user [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd user_pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 1682 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 36 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001b [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17665 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 1B 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 10 00 00 ........ ........ [020] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... [030] 00 . [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 130 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x82 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 67 of length 134 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17729 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=63 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 1C 00 00 ........ ........ [020] 00 16 00 00 00 00 00 24 00 00 00 00 00 10 00 00 .......$ ........ [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 15 00 ........ B.%.... 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 46 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 46 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
30 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001c [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000016 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0024 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x24 - api_rpcTNP: rpc command: SAMR_QUERY_USERINFO [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[21].fn == 0x8154a02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_query_userinfo [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 switch_value: 0015 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(1584) _samr_query_userinfo: sid:S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain MIDEARTH, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name Volker Lendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive H:, was NULL [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script scripts\login.cmd, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2005/05/12 14:30:49, 10] 
lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 from rid 3014 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 [2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 from rid 513 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 3] rpc_server/srv_samr_nt.c:get_user_info_21(1550) User:[vlendecke] [2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_query_userinfo(6454) init_samr_r_query_userinfo [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(1667) _samr_query_userinfo: 1667 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_query_userinfo [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr: 00000001 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 samr_io_userinfo_ctr ctr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 switch_value: 0015 [2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) 000008 sam_io_user_info21 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_time logon_time [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 low : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c high: 00000000 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_time logoff_time [2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 0010 low : ffffffff [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 high: 7fffffff [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_time pass_last_set_time [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 low : c0049900 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c high: 01c556c5 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_time kickoff_time [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 low : ffffffff [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 high: 7fffffff [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000028 smb_io_time pass_can_change_time [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 low : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c high: 00000000 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_time pass_must_change_time [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 low : 7a073100 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 high: 01c819f6 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_unihdr hdr_user_name [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0038 uni_str_len: 0014 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003a uni_max_len: 0014 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c buffer : 00000001 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_unihdr hdr_full_name [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0040 uni_str_len: 0020 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0042 uni_max_len: 0020 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 buffer : 00000001 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_unihdr 
hdr_home_dir [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0048 uni_str_len: 0026 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 004a uni_max_len: 0026 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c buffer : 00000001 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_unihdr hdr_dir_drive [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0050 uni_str_len: 0006 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0052 uni_max_len: 0006 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 buffer : 00000001 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_unihdr hdr_logon_script [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0058 uni_str_len: 0024 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 005a uni_max_len: 0024 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 005c buffer : 00000001 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_unihdr hdr_profile_path [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0060 uni_str_len: 0038 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0062 uni_max_len: 0038 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 buffer : 00000001 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_unihdr hdr_acct_desc [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0068 uni_str_len: 0016 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006a uni_max_len: 0016 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 006c buffer : 00000001 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000070 smb_io_unihdr hdr_workstations [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0070 uni_str_len: 0002 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0072 uni_max_len: 0002 [2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 0074 buffer : 00000001 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000078 smb_io_unihdr hdr_unknown_str [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0078 uni_str_len: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 007a uni_max_len: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 007c buffer : 00000000 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000080 smb_io_unihdr hdr_munged_dial [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0080 uni_str_len: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0082 uni_max_len: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0084 buffer : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0088 lm_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0098 nt_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a8 user_rid : 00000bc6 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ac group_rid : 00000201 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b0 acb_info : 00000010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b4 fields_present : 00ffffff [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00b8 logon_divs : 00a8 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00bc ptr_logon_hrs : 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00c0 bad_password_count : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00c2 logon_count : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 00c4 padding1 : 00 00 00 00 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ca passmustchange : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00cb 
padding2 : 00 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000cc smb_io_unistr2 uni_user_name [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00cc uni_max_len: 0000000a [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d0 offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d4 uni_str_len: 0000000a [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00d8 buffer : v.l.e.n.d.e.c.k.e... [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000ec smb_io_unistr2 uni_full_name [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ec uni_max_len: 00000010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f0 offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f4 uni_str_len: 00000010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00f8 buffer : V.o.l.k.e.r. .L.e.n.d.e.c.k.e... [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000118 smb_io_unistr2 uni_home_dir [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0118 uni_max_len: 00000013 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 011c offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0120 uni_str_len: 00000013 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0124 buffer : \.\.M.E.R.L.I.N.\.v.l.e.n.d.e.c.k.e... [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 00014a smb_io_unistr2 uni_dir_drive [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 014c uni_max_len: 00000003 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0150 offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0154 uni_str_len: 00000003 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0158 buffer : H.:... 
[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 00015e smb_io_unistr2 uni_logon_script [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0160 uni_max_len: 00000012 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0164 offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0168 uni_str_len: 00000012 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 016c buffer : s.c.r.i.p.t.s.\.l.o.g.i.n...c.m.d... [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000190 smb_io_unistr2 uni_profile_path [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0190 uni_max_len: 0000001c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0194 offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0198 uni_str_len: 0000001c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 019c buffer : \.\.M.E.R.L.I.N.\.p.r.o.f.i.l.e.s.\.v.l.e.n.d.e.c.k.e... [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 0001d4 smb_io_unistr2 uni_acct_desc [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01d4 uni_max_len: 0000000b [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01d8 offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01dc uni_str_len: 0000000b [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 01e0 buffer : G.u.e.s.t. .U.s.e.r... [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 0001f6 smb_io_unistr2 uni_workstations [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01f8 uni_max_len: 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01fc offset : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0200 uni_str_len: 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0204 buffer : .. 
[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000206 smb_io_unistr2 - NULL uni_unknown_str [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000206 smb_io_unistr2 - NULL uni_munged_dial [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000206 sam_io_logon_hrs logon_hrs [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0208 maxlen: 000004ec [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 020c offset: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0210 len : 00000015 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0214 hours: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 022c status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 1122 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 30 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 560. 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0248 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000230 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..584] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=640 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17729 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 584 (0x248) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 584 (0x248) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=585 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013)
[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,644) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,644) wrote 644 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 132 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x84 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 68 of length 136 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=132 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17793 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 48 (0x30) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=65 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 30 00 00 00 1D 00 00 ........ .0...... [020] 00 18 00 00 00 00 00 03 00 00 00 00 00 10 00 00 ........ ........ [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 04 00 00 ........ B.%..... [040] 00 . 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=48 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 48 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 48 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 48 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 48, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 32 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
32 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001d [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 32 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 32, incoming data = 32 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000018 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0003 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x3 - api_rpcTNP: rpc command: SAMR_QUERY_SEC_OBJECT [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[42].fn == 0x8153b79 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_query_sec_obj [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd user_pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 sec_info: 00000004 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:_samr_query_sec_obj(476) _samr_query_sec_obj: querying security on SID: S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:_samr_query_sec_obj(503) _samr_query_sec_obj: querying security on Object with SID: S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_query_sec_obj [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr: 00000001 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 sec_io_desc_buf sec [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 ptr : 00000001 [2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 sec_io_desc sec [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0010 revision : 0001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0012 type : 8004 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 off_owner_sid: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 off_grp_sid : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c off_sacl : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 off_dacl : 00000014 [2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) 000024 sec_io_acl dacl [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 revision: 0002 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 num_aces : 00000005 [2005/05/12 14:30:49, 9] rpc_parse/parse_prs.c:prs_debug(82) 00002c sec_io_ace ace_list[00]: [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 002c type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 002d flags: 00 [2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) 000030 sec_io_access info [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 mask: 0002035b [2005/05/12 14:30:49, 
10] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_dom_sid trustee [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 sid_rev_num: 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 num_auths : 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[0] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[1] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0038 id_auth[2] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0039 id_auth[3] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003a id_auth[4] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003b id_auth[5] : 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 003c sub_auths : 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002e size : 0014 [2005/05/12 14:30:49, 9] rpc_parse/parse_prs.c:prs_debug(82) 000040 sec_io_ace ace_list[01]: [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0040 type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0041 flags: 00 [2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) 000044 sec_io_access info [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 mask: 000f07ff [2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_dom_sid trustee [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0048 sid_rev_num: 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0049 num_auths : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004a id_auth[0] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004b id_auth[1] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004c id_auth[2] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004d id_auth[3] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004e id_auth[4] : 00 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004f id_auth[5] : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0050 sub_auths : 00000020 00000220 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0042 size : 0018 [2005/05/12 14:30:49, 9] rpc_parse/parse_prs.c:prs_debug(82) 000058 sec_io_ace ace_list[02]: [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0058 type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0059 flags: 00 [2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) 00005c sec_io_access info [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 005c mask: 000f07ff [2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_dom_sid trustee [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0060 sid_rev_num: 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0061 num_auths : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0062 id_auth[0] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0063 id_auth[1] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0064 id_auth[2] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0065 id_auth[3] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0066 id_auth[4] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0067 id_auth[5] : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0068 sub_auths : 00000020 00000224 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 005a size : 0018 [2005/05/12 14:30:49, 9] rpc_parse/parse_prs.c:prs_debug(82) 000070 sec_io_ace ace_list[03]: [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0070 type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0071 flags: 00 [2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) 000074 sec_io_access info [2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 0074 mask: 000f07ff [2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) 000078 smb_io_dom_sid trustee [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0078 sid_rev_num: 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0079 num_auths : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 007a id_auth[0] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 007b id_auth[1] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 007c id_auth[2] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 007d id_auth[3] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 007e id_auth[4] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 007f id_auth[5] : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0080 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d 00000200 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0072 size : 0024 [2005/05/12 14:30:49, 9] rpc_parse/parse_prs.c:prs_debug(82) 000094 sec_io_ace ace_list[04]: [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0094 type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0095 flags: 00 [2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) 000098 sec_io_access info [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0098 mask: 00020044 [2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) 00009c smb_io_dom_sid trustee [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009c sid_rev_num: 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009d num_auths : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009e id_auth[0] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009f id_auth[1] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a0 id_auth[2] : 00 [2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 00a1 id_auth[3] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a2 id_auth[4] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a3 id_auth[5] : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00a4 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d 00000bc6 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0096 size : 0024 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 size : 0094 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 max_len: 000000a8 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c len : 000000a8 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 00b8 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 1804 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 32 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 188. 
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 00d4 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001d [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 000000bc [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..212] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=268 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17793 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 212 (0xD4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 212 (0xD4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=213 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013)
[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,272) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,272) wrote 272 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 69 of length 132 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17857 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=61 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 1E 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 27 00 00 00 00 00 10 00 00 .......' ........ [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 ........ B.%.. 
[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 44 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 
28 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001e [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000014 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 
context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0027 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x27 - api_rpcTNP: rpc command: SAMR_QUERY_USERGROUPS [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[25].fn == 0x8154b73 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_query_usergroups [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000010 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_query_usergroups(1704) _samr_query_usergroups: 1704 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. 
[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_query_usergroups: access check ((granted: 0x000f05ff; required: 0x00000100) [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain MIDEARTH, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name Volker Lendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive H:, was NULL [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script scripts\login.cmd, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2005/05/12 14:30:49, 10] 
lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 [2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 from rid 3014 [2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 [2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 from rid 513 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:49, 10] lib/system_smbd.c:sys_getgrouplist(116) sys_getgrouplist: user [vlendecke] [2005/05/12 14:30:49, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist(): disabled winbindd for group lookup [user == vlendecke] [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/05/12 14:30:49, 5] 
auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:49, 8] lib/util_getent.c:remove_duplicate_gids(330) remove_duplicate_gids: Enter 2 gids [2005/05/12 14:30:49, 8] lib/util_getent.c:remove_duplicate_gids(348) remove_duplicate_gids: Exit 1 gids [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(233) fetch sid from gid cache 513 -> S-1-5-21-726309263-4128913605-1168186429-513 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_query_usergroups(2963) init_samr_r_query_usergroups [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_query_usergroups(1770) _samr_query_usergroups: 1770 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_query_usergroups [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr_0 : 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 num_entries : 00000001 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 ptr_1 : 00000001 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000c samr_io_gids gids [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c num_gids: 00000001 [2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_gid gids [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 g_rid: 00000201 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 attr : 00000007 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0018 status: NT_STATUS_OK [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/12 14:30:49, 3] 
rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 8 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 710a name: samr len: 1256 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 28. [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0034 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001e [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 0000001c [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) 
copy_trans_params_and_data: params[0..0] data[0..52] [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17857 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 52 (0x34) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=53 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 34 00 00 00 1E 00 00 ........ .4...... [010] 00 1C 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ [020] 00 01 00 00 00 01 00 00 00 01 02 00 00 07 00 00 ........ ........ [030] 00 00 00 00 00 ..... [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) write_socket(29,112) [2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) write_socket(29,112) wrote 112 [2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 212 [2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xd4 [2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) Transaction 70 of length 216 [2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) [2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1776 smb_uid=100 smb_mid=17921 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1256 (0x4E8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28938 (0x710A) smb_bcc=145 [2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P 
.E.\.... [010] 00 05 00 00 03 10 00 00 00 80 00 00 00 1F 00 00 ........ ........ [020] 00 68 00 00 00 00 00 10 00 00 00 00 00 0F 00 00 .h...... ........ [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 02 00 00 ........ B.%..... [040] 00 88 6A 14 00 02 00 00 00 B0 CB 14 00 D8 CB 14 ..j..... ........ [050] 00 05 00 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ [060] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 C6 0B 00 ...J+.8. .=..E... [070] 00 05 00 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ [080] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 01 02 00 ...J+.8. .=..E... [090] 00 . [2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 9712) conn 0x83b6eac [2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=128 params=0 setup=2 [2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=710a [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=710b (pipes_open=2) [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=710a (pipes_open=2) [2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 710a) [2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 [2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 710a name: samr open: Yes len: 128 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 128 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 112 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0080 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000001f [2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/12 14:30:49, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 112 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 112, incoming data = 112 [2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000068 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0010 [2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x10 - api_rpcTNP: rpc command: SAMR_QUERY_USERALIASES [2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[7].fn == 0x8155b72 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_query_useraliases [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 0000000f [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: f9 bc 83 42 f0 25 00 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 num_sids1: 00000002 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 ptr : 00146a88 [2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 001c num_sids2: 00000002 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 ptr[00]: 0014cbb0 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 ptr[01]: 0014cbd8 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000028 smb_io_dom_sid2 sid[00] [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 num_auths: 00000005 [2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_dom_sid sid [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 002c sid_rev_num: 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 002d num_auths : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 002e id_auth[0] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 002f id_auth[1] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0030 id_auth[2] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0031 id_auth[3] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0032 id_auth[4] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0033 id_auth[5] : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0034 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d 00000bc6 [2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_dom_sid2 sid[01] [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0048 num_auths: 00000005 [2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) 00004c smb_io_dom_sid sid [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004c sid_rev_num: 01 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004d num_auths : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004e id_auth[0] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004f id_auth[1] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0050 id_auth[2] : 00 [2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0051 id_auth[3] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0052 id_auth[4] : 00 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0053 id_auth[5] : 05 [2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0054 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d 00000201 [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_query_useraliases(2969) _samr_query_useraliases: 2969 [2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 0F 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B [010] F0 25 00 00 .%.. [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_query_useraliases: access check ((granted: 0x000d06fa; required: 0x00000080) [2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_query_useraliases: access check ((granted: 0x000d06fa; required: 0x00000200) [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/12 14:30:49, 5] lib/smbldap.c:smbldap_search_ext(1042) smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(|(objectclass=sambaGroupMapping)(objectclass=sambaIdmapEntry))(|(sambaSIDList=S-1-5-21-726309263-4128913605-1168186429-3014)(sambaSIDList=S-1-5-21-726309263-4128913605-1168186429-513)))], scope => [2] [2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2005/05/12 
14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_query_useraliases(3807) init_samr_r_query_useraliases
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_query_useraliases
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 num_entries: 00000000
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr : 00000001
[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 samr_io_rids rids
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_rids: 00000000
[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 000c status: NT_STATUS_OK
[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully
[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543)
[2005/05/12 14:30:49, 0] lib/fault.c:fault_report(36) ===============================================================
[2005/05/12 14:30:49, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 6 in pid 9712 (3.0.15pre3-SVN-build-UNKNOWN-PS-SuSE) Please read the appendix Bugs of the Samba HOWTO collection
[2005/05/12 14:30:49, 0] lib/fault.c:fault_report(39) ===============================================================
[2005/05/12 14:30:49, 0] lib/util.c:smb_panic2(1498) smb_panic(): calling panic action [/bin/sleep 90000]