The Samba-Bugzilla – Attachment 1226 Details for Bug 2705: Use of NT4 Dom Usr Mgr fails with Rev 6759.
Client Level 10 log: maggot.log (text/plain), 823.75 KB, created by John H Terpstra (mail address dead) on 2005-05-12 13:47:27 UTC
>[2005/05/12 14:30:47, 6] param/loadparm.c:lp_file_list_changed(2758) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu May 12 14:02:39 2005 > >[2005/05/12 14:30:47, 4] lib/username.c:map_username(132) > Scanning username map /etc/samba/smbusers >[2005/05/12 14:30:47, 10] lib/username.c:user_in_list(529) > user_in_list: checking user jht in list >[2005/05/12 14:30:47, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |jht| against |administrator| >[2005/05/12 14:30:47, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |jht| against |admin| >[2005/05/12 14:30:47, 5] auth/auth_util.c:make_user_info_map(219) > make_user_info_map: Mapping user [MIDEARTH]\[jht] from workstation [MAGGOT] >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 5] auth/auth_util.c:is_trusted_domain(1555) > is_trusted_domain: Checking for domain trust with [MIDEARTH] >[2005/05/12 14:30:47, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(325) > secrets_fetch failed! >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 10] lib/gencache.c:gencache_get(285) > Cache entry with key = TDOM/MIDEARTH couldn't be found >[2005/05/12 14:30:47, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain MIDEARTH found. 
>[2005/05/12 14:30:47, 5] auth/auth_util.c:make_user_info(127) > attempting to make a user_info for jht (jht) >[2005/05/12 14:30:47, 5] auth/auth_util.c:make_user_info(137) > making strings for jht's user_info struct >[2005/05/12 14:30:47, 5] auth/auth_util.c:make_user_info(179) > making blobs for jht's user_info struct >[2005/05/12 14:30:47, 10] auth/auth_util.c:make_user_info(195) > made an encrypted user_info for jht (jht) >[2005/05/12 14:30:47, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user [MIDEARTH]\[jht]@[MAGGOT] with the new password interface >[2005/05/12 14:30:47, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [MIDEARTH]\[jht]@[MAGGOT] >[2005/05/12 14:30:47, 10] auth/auth.c:check_ntlm_password(231) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2005/05/12 14:30:47, 10] auth/auth.c:check_ntlm_password(233) > challenge is: >[2005/05/12 14:30:47, 5] lib/util.c:dump_data(2013) > [000] 14 73 C1 DD FA 74 3B 83 .s...t;. 
>[2005/05/12 14:30:47, 10] auth/auth.c:check_ntlm_password(259) > check_ntlm_password: guest had nothing to say >[2005/05/12 14:30:47, 8] lib/util.c:is_myname(1834) > is_myname("MIDEARTH") returns 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=jht)(objectclass=sambaSamAccount))], scope => [2] >[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_close(951) > The connection to the LDAP server was closed >[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_open_connection(596) > smbldap_open_connection: ldap://merlin.terpstra-world.org >[2005/05/12 14:30:47, 2] lib/smbldap.c:smbldap_open_connection(692) > smbldap_open_connection: connection opened >[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_connect_system(824) > ldap_connect_system: Binding to ldap server ldap://merlin.terpstra-world.org as "cn=Manager,dc=terpstra-world,dc=org" >[2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_connect_system(867) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2005/05/12 14:30:47, 4] lib/smbldap.c:smbldap_open(931) > The LDAP server is succesfully connected >[2005/05/12 14:30:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: jht >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username 
jht, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username jht, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3000 >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3000 >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name John H Terpstra, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\jht, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.cmd, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\jht, was >[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaUserWorkstations] 
= [<does not exist>] >[2005/05/12 14:30:47, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/05/12 14:30:47, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/05/12 14:30:47, 5] passdb/login_cache.c:login_cache_init(41) > Opening cache file at /var/lib/samba/login_cache.tdb >[2005/05/12 14:30:47, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user jht >[2005/05/12 14:30:47, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/05/12 14:30:47, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) > No cache entry, bad count = 0, bad time = 0 >[2005/05/12 14:30:47, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username jht, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username jht, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name John H Terpstra, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\jht, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.cmd, was 
>[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\jht, was >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/05/12 14:30:47, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3000 >[2005/05/12 14:30:47, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3000 from rid 3000 >[2005/05/12 14:30:47, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:47, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-513 from rid 513 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 9] passdb/passdb.c:pdb_update_autolock_flag(2350) > pdb_update_autolock_flag: Account jht not autolocked, no check needed >[2005/05/12 14:30:47, 4] libsmb/ntlm_check.c:ntlm_password_check(326) > ntlm_password_check: Checking NT MD4 password >[2005/05/12 14:30:47, 4] auth/auth_sam.c:sam_account_ok(120) > sam_account_ok: Checking SMB password for user jht >[2005/05/12 14:30:47, 5] auth/auth_sam.c:logon_hours_ok(102) > logon_hours_ok: user jht allowed to logon at this time (Thu May 12 14:30:47 2005 > ) >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx 
= 1 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 10] lib/system_smbd.c:sys_getgrouplist(116) > sys_getgrouplist: user [jht] >[2005/05/12 14:30:47, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist(): disabled winbindd for group lookup [user == jht] >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 8] lib/util_getent.c:remove_duplicate_gids(330) > remove_duplicate_gids: Enter 3 gids >[2005/05/12 14:30:47, 8] lib/util_getent.c:remove_duplicate_gids(348) > remove_duplicate_gids: Exit 2 gids >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base 
=> [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2] >[2005/05/12 14:30:47, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) > init_group_from_ldap: Entry found for group: 513 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (513) -> SID S-1-5-21-726309263-4128913605-1168186429-513. >[2005/05/12 14:30:47, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 513 -> S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1000))], scope => [2] >[2005/05/12 14:30:47, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) > init_group_from_ldap: Entry found for group: 1000 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (1000) -> SID S-1-5-21-726309263-4128913605-1168186429-3001. 
>[2005/05/12 14:30:47, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 1000 -> S-1-5-21-726309263-4128913605-1168186429-3001 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 5] lib/privileges.c:get_privileges_for_sids(446) > get_privileges_for_sids: sid = S-1-5-21-726309263-4128913605-1168186429-3000 > Privilege set: > SE_PRIV 0xf0 0x0 0x0 0x0 >[2005/05/12 14:30:47, 3] lib/privileges.c:get_privileges(254) > get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-513] >[2005/05/12 14:30:47, 5] lib/privileges.c:get_privileges_for_sids(446) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/05/12 14:30:47, 3] lib/privileges.c:get_privileges(254) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2005/05/12 14:30:47, 3] lib/privileges.c:get_privileges(254) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2005/05/12 14:30:47, 3] lib/privileges.c:get_privileges(254) > get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-3001] >[2005/05/12 14:30:47, 10] auth/auth_util.c:debug_nt_user_token(485) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-3000 > contains 6 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-3000 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-3001 > SE_PRIV 0xf0 0x0 0x0 0x0 >[2005/05/12 14:30:47, 5] auth/auth_util.c:make_server_info_sam(857) > make_server_info_sam: made server info for user jht -> jht >[2005/05/12 14:30:47, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: sam authentication for user [jht] succeeded >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > 
push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 5] auth/auth.c:check_ntlm_password(292) > check_ntlm_password: PAM Account for user [jht] succeeded >[2005/05/12 14:30:47, 2] auth/auth.c:check_ntlm_password(305) > check_ntlm_password: authentication for user [jht] -> [jht] -> [jht] succeeded >[2005/05/12 14:30:47, 5] auth/auth_util.c:free_user_info(1375) > attempting to free (and zero) a user_info structure >[2005/05/12 14:30:47, 10] auth/auth_util.c:free_user_info(1378) > structure was created for jht >[2005/05/12 14:30:47, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(117) > Got NT session key of length 16 >[2005/05/12 14:30:47, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(123) > Got LM session key of length 16 >[2005/05/12 14:30:47, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(669) > ntlmssp_server_auth: Created NTLM2 session key. 
>[2005/05/12 14:30:47, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) > NTLMSSP Sign/Seal - Initialising with flags: >[2005/05/12 14:30:47, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2005/05/12 14:30:47, 10] smbd/password.c:register_vuid(158) > register_vuid: allocated vuid = 100 >[2005/05/12 14:30:47, 10] lib/util_pw.c:getpwnam_alloc(98) > Got jht from pwnam_cache >[2005/05/12 14:30:47, 10] smbd/password.c:register_vuid(220) > register_vuid: (1000,513) jht jht MIDEARTH guest=0 >[2005/05/12 14:30:47, 3] smbd/password.c:register_vuid(222) > User name: jht Real name: John H Terpstra >[2005/05/12 14:30:47, 3] smbd/password.c:register_vuid(241) > UNIX uid 1000 is UNIX user jht, and will be vuid 100 >[2005/05/12 14:30:47, 7] param/loadparm.c:lp_servicenumber(4113) > lp_servicenumber: couldn't find jht >[2005/05/12 14:30:47, 3] smbd/password.c:register_vuid(270) > Adding homes service for user 'jht' using home directory: '/data/users/jht' >[2005/05/12 14:30:47, 8] param/loadparm.c:add_a_service(2370) > add_a_service: Creating snum = 13 for jht >[2005/05/12 14:30:47, 3] param/loadparm.c:lp_add_home(2411) > adding home's share [jht] for user 'jht' at '/data/users/%U/Documents' >[2005/05/12 14:30:47, 6] param/loadparm.c:lp_file_list_changed(2758) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu May 12 14:02:39 2005 > >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,170) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,170) wrote 170 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 78 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 
0x4e >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 3 of length 82 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=78 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=13632 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 78 (0x4E) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=35 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 5C 00 4D 00 45 00 52 00 4C 00 49 00 4E .\.\.M.E .R.L.I.N > [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? > [020] 3F 3F 00 ??. >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtconX (pid 9712) conn 0x0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/05/12 14:30:47, 4] smbd/reply.c:reply_tcon_and_X(610) > Client requested device type [?????] for share [IPC$] >[2005/05/12 14:30:47, 5] smbd/service.c:make_connection(806) > making a connection to 'normal' service ipc$ >[2005/05/12 14:30:47, 5] lib/username.c:Get_Pwnam(293) > Finding user jht >[2005/05/12 14:30:47, 5] lib/username.c:Get_Pwnam_internals(223) > Trying _Get_Pwnam(), username as lowercase is jht >[2005/05/12 14:30:47, 10] lib/util_pw.c:getpwnam_alloc(98) > Got jht from pwnam_cache >[2005/05/12 14:30:47, 5] lib/username.c:Get_Pwnam_internals(251) > Get_Pwnam_internals did find user [jht]! 
>[2005/05/12 14:30:47, 3] smbd/service.c:make_connection_snum(476) > Connect path is '/tmp' for service [IPC$] >[2005/05/12 14:30:47, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. 
>[2005/05/12 14:30:47, 3] smbd/vfs.c:vfs_init_default(206) > Initialising default vfs hooks >[2005/05/12 14:30:47, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2005/05/12 14:30:47, 10] smbd/uid.c:is_share_read_only_for_user(122) > is_share_read_only_for_user: share IPC$ is read-only for unix user jht >[2005/05/12 14:30:47, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. 
>[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-3000 > contains 6 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-3000 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-3001 > SE_PRIV 0xf0 0x0 0x0 0x0 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 1000 > Primary group is 513 and contains 2 supplementary groups > Group[ 0]: 513 > Group[ 1]: 1000 >[2005/05/12 14:30:47, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(1000,1000) gid=(0,513) >[2005/05/12 14:30:47, 3] smbd/service.c:make_connection_snum(640) > maggot (192.168.1.243) connect to service IPC$ initially as user jht (uid=1000, gid=513) (pid 9712) >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/05/12 14:30:47, 3] smbd/reply.c:reply_tcon_and_X(658) > tconX service=IPC$ >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=13632 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 49 50 43 00 00 00 00 IPC.... 
>[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,52) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,52) wrote 52 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 100 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x64 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 4 of length 104 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=13696 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. > [010] 00 . 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBntcreateX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-3000 > contains 6 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-3000 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-3001 > SE_PRIV 0xf0 0x0 0x0 0x0 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 1000 > Primary group is 513 and contains 2 supplementary groups > Group[ 0]: 513 > Group[ 1]: 1000 >[2005/05/12 14:30:47, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(1000,1000) gid=(0,513) >[2005/05/12 14:30:47, 4] smbd/vfs.c:vfs_ChDir(662) > vfs_ChDir to /tmp >[2005/05/12 14:30:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >[2005/05/12 14:30:47, 4] smbd/nttrans.c:nt_open_pipe(512) > nt_open_pipe: Opening pipe \srvsvc. >[2005/05/12 14:30:47, 3] smbd/nttrans.c:nt_open_pipe(529) > nt_open_pipe: Known pipe srvsvc opening. 
>[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested srvsvc (pipes_open=0) >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested srvsvc >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe srvsvc >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe srvsvc (pipes_open=0) >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe srvsvc with handle 7107 (pipes_open=1) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name srvsvc pnum=7107 >[2005/05/12 14:30:47, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=13696 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1792 (0x700) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 
(0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,107) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,107) wrote 107 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 136 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x88 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 5 of length 140 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=13760 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28935 (0x7107) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBwriteX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7107 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name srvsvc pnum=7107 (pipes_open=1) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7107 name: srvsvc open: Yes len: 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0048 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 11 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) > api_pipe_bind_req: decode request. 
879 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_elements: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000c context_id : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000e num_syntaxes: 01 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 data : 4b324fc8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 data : 1670 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0016 data : 01d3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0018 data : 12 78 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 001a data : 5a 47 bf 6e e1 88 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 version: 00000003 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 data : 8a885d04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0028 data : 1ceb >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002a data : 11c9 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8s(756) > 002c data : 9f e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002e data : 08 00 2b 10 48 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 version: 00000002 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) > api_pipe_bind_req: make response. 1020 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:check_bind_req(764) > check_bind_req for \PIPE\srvsvc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\samr >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\NETLOGON >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\srvsvc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 000053f0 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 len: 000d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000a str: \PIPE\ntsvcs. 
>[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000017 smb_io_rpc_results >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0018 num_results: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001c result : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001e reason : 0000 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 data : 8a885d04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 data : 1ceb >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 data : 11c9 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0028 data : 9f e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002a data : 08 00 2b 10 48 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 version: 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0044 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 56 >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=7107 nwritten=72 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=13760 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,51) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,51) wrote 51 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 59 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x3b >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 6 of length 63 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=13824 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28935 (0x7107) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBreadX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 
4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7107 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name srvsvc pnum=7107 (pipes_open=1) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7107 name: srvsvc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=7107 min=1024 max=1024 nread=68 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=13824 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... 
>[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,131) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,131) wrote 131 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 148 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x94 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 7 of length 152 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=13888 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28935 (0x7107) > smb_bcc=81 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 40 00 00 00 01 00 00 ........ .@...... > [020] 00 28 00 00 00 00 00 15 00 64 E7 12 00 09 00 00 .(...... .d...... > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E > [040] 00 52 00 4C 00 49 00 4E 00 00 00 C9 11 65 00 00 .R.L.I.N .....e.. > [050] 00 . 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=64 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7107 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name srvsvc pnum=7107 (pipes_open=1) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "srvsvc" (pnum 7107) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7107 name: srvsvc open: Yes len: 64 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 48 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 48 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0040 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 48 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 48, incoming data = 48 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000028 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0015 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 22 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\srvsvc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[11].fn == 0x8130bfc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 srv_io_q_net_srv_get_info >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr_srv_name : 0012e764 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c uni_str_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0010 buffer : \.\.M.E.R.L.I.N... 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 switch_value : 00000065 >[2005/05/12 14:30:47, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1212) > srv_net_srv_get_info: 1212 >[2005/05/12 14:30:47, 5] rpc_parse/parse_srv.c:init_srv_info_101(2809) > init_srv_info_101 >[2005/05/12 14:30:47, 5] rpc_parse/parse_srv.c:init_srv_r_net_srv_get_info(3044) > init_srv_r_net_srv_get_info >[2005/05/12 14:30:47, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1257) > srv_net_srv_get_info: 1257 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 srv_io_r_net_srv_get_info >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 srv_io_info_ctr ctr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 switch_value: 00000065 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 ptr_srv_ctr : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000008 srv_io_info_101 sv101 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 platform_id : 000001f4 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c ptr_name : 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 ver_major : 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 ver_minor : 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 srv_type : 00009a2b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c ptr_comment : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_unistr2 uni_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 uni_max_len: 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 uni_str_len: 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 002c buffer : 
M.E.R.L.I.N... >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00003a smb_io_unistr2 uni_comment >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 003c uni_max_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0040 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0044 uni_str_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0048 buffer : M.a.i.n. .S.e.r.v.e.r... >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) > 0060 status: WERR_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called srvsvc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 164 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 48 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7107 name: srvsvc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 100. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 007c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000064 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..124] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=13888 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) 
> smb_vwv[ 6]= 124 (0x7C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=125 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 7C 00 00 00 01 00 00 ........ .|...... > [010] 00 64 00 00 00 00 00 00 00 65 00 00 00 01 00 00 .d...... .e...... > [020] 00 F4 01 00 00 01 00 00 00 04 00 00 00 09 00 00 ........ ........ > [030] 00 2B 9A 00 00 01 00 00 00 07 00 00 00 00 00 00 .+...... ........ > [040] 00 07 00 00 00 4D 00 45 00 52 00 4C 00 49 00 4E .....M.E .R.L.I.N > [050] 00 00 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ > [060] 00 4D 00 61 00 69 00 6E 00 20 00 53 00 65 00 72 .M.a.i.n . .S.e.r > [070] 00 76 00 65 00 72 00 00 00 00 00 00 00 .v.e.r.. ..... >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,184) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,184) wrote 184 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 41 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x29 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 8 of length 45 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=13952 > smt_wct=3 > smb_vwv[ 0]=28935 (0x7107) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBclose (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7107 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name srvsvc pnum=7107 
(pipes_open=1) >[2005/05/12 14:30:47, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:7107 >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe srvsvc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) > closed pipe name srvsvc pnum=7107 (pipes_open=0) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=13952 > smt_wct=0 > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,39) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,39) wrote 39 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 100 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x64 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 9 of length 104 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14016 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 
>[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. > [010] 00 . >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBntcreateX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2005/05/12 14:30:47, 4] smbd/nttrans.c:nt_open_pipe(512) > nt_open_pipe: Opening pipe \winreg. >[2005/05/12 14:30:47, 3] smbd/nttrans.c:nt_open_pipe(529) > nt_open_pipe: Known pipe winreg opening. >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested winreg (pipes_open=0) >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested winreg >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe winreg >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe winreg >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe winreg (pipes_open=0) >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe winreg with handle 7108 (pipes_open=1) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name winreg pnum=7108 >[2005/05/12 14:30:47, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) > do_ntcreate_pipe_open: open pipe = \winreg >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > 
smb_pid=1776 > smb_uid=100 > smb_mid=14016 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2048 (0x800) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,107) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,107) wrote 107 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 136 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x88 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 10 of length 140 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14080 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28936 (0x7108) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/05/12 14:30:47, 
10] lib/util.c:dump_data(2013) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. > [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBwriteX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7108 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name winreg pnum=7108 (pipes_open=1) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7108 name: winreg open: Yes len: 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0048 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 11 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) > api_pipe_bind_req: decode request. 
879 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_elements: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000c context_id : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000e num_syntaxes: 01 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 data : 338cd001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 data : 2244 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0016 data : 31f1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0018 data : aa aa >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 001a data : 90 00 38 00 10 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 version: 00000001 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 data : 8a885d04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0028 data : 1ceb >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002a data : 11c9 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8s(756) > 002c data : 9f e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002e data : 08 00 2b 10 48 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 version: 00000002 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) > api_pipe_bind_req: make response. 1020 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:check_bind_req(764) > check_bind_req for \PIPE\winreg >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\samr >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\NETLOGON >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\srvsvc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\wkssvc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\winreg >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 000053f0 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 len: 000d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000a str: \PIPE\winreg. 
>[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000017 smb_io_rpc_results >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0018 num_results: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001c result : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001e reason : 0000 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 data : 8a885d04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 data : 1ceb >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 data : 11c9 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0028 data : 9f e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002a data : 08 00 2b 10 48 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 version: 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0044 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 56 >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=7108 nwritten=72 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14080 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,51) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,51) wrote 51 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 59 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x3b >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 11 of length 63 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14145 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28936 (0x7108) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBreadX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 
14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7108 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name winreg pnum=7108 (pipes_open=1) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7108 name: winreg len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=7108 min=1024 max=1024 nread=68 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14145 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... 
>[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,131) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,131) wrote 131 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 120 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x78 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 12 of length 124 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14209 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28936 (0x7108) > smb_bcc=53 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [020] 00 0C 00 00 00 00 00 02 00 90 ED 12 00 B0 69 01 ........ ......i. > [030] 00 00 00 00 02 ..... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=36 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7108 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name winreg pnum=7108 (pipes_open=1) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 7108) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7108 name: winreg open: Yes len: 36 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 20 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0024 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 20 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 20, incoming data = 20 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000000c >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0002 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 22 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\winreg >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[3].fn == 0x8128d51 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_open_hive >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr: 0012ed90 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 server: 69b0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0006 access: 00000001 >[2005/05/12 14:30:47, 7] rpc_server/srv_reg_nt.c:open_registry_key(92) > open_registry_key: name = [NULL][HKLM] >[2005/05/12 14:30:47, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM] >[2005/05/12 14:30:47, 10] lib/adt_tree.c:pathtree_find(388) > pathtree_find: Enter [/HKLM] >[2005/05/12 14:30:47, 10] lib/adt_tree.c:pathtree_find(460) > pathtree_find: Exit >[2005/05/12 14:30:47, 10] registry/reg_db.c:regdb_fetch_reg_keys(316) > regdb_fetch_reg_keys: Enter key => [HKLM] >[2005/05/12 14:30:47, 10] registry/reg_db.c:regdb_fetch_reg_keys(343) > regdb_fetch_reg_keys: Exit [1] items >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 7] rpc_server/srv_reg_nt.c:open_registry_key(164) > open_registry_key: exit >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_open_hive >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) > 0014 status: WERR_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called winreg successfully >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:api_rpcTNP(1589) > api_rpcTNP: rpc input buffer underflow (parse error?) >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000a : 00 02 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 2 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 20 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7108 name: winreg len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14209 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 252 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xfc >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 13 of length 256 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=252 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14273 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 168 (0xA8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 168 (0xA8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28936 (0x7108) > smb_bcc=185 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 A8 00 00 00 02 00 00 ........ ........ > [020] 00 90 00 00 00 00 00 0F 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 60 00 60 ........ B.%..`.` > [040] 00 C8 E5 CB 71 30 00 00 00 00 00 00 00 30 00 00 ....q0.. .....0.. 
> [050] 00 53 00 59 00 53 00 54 00 45 00 4D 00 5C 00 43 .S.Y.S.T .E.M.\.C > [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o > [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t > [080] 00 5C 00 43 00 6F 00 6E 00 74 00 72 00 6F 00 6C .\.C.o.n .t.r.o.l > [090] 00 5C 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 .\.P.r.o .d.u.c.t > [0A0] 00 4F 00 70 00 74 00 69 00 6F 00 6E 00 73 00 00 .O.p.t.i .o.n.s.. > [0B0] 00 00 00 00 00 00 00 00 02 ........ . >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=168 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7108 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name winreg pnum=7108 (pipes_open=1) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 7108) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7108 name: winreg open: Yes len: 168 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 168 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 168, 
len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 152 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 00a8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000002 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 152 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 152, incoming data = 152 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000090 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 000f >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\winreg >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[1].fn == 0x8128f9a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_open_entry >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 length: 0060 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0016 size: 0060 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 ptr: 71cbe5c8 >[2005/05/12 14:30:47, 6] 
rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_max_len: 00000030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 uni_str_len: 00000030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0028 buffer : S.Y.S.T.E.M.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.C.o.n.t.r.o.l.\.P.r.o.d.u.c.t.O.p.t.i.o.n.s... >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0088 unknown_0 : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 008c access: 02000000 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(326) > reg_open_entry: Enter >[2005/05/12 14:30:47, 7] rpc_server/srv_reg_nt.c:open_registry_key(92) > open_registry_key: name = [HKLM][SYSTEM\CurrentControlSet\Control\ProductOptions] >[2005/05/12 14:30:47, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] >[2005/05/12 14:30:47, 10] lib/adt_tree.c:pathtree_find(388) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] >[2005/05/12 14:30:47, 10] lib/adt_tree.c:pathtree_find(460) > pathtree_find: Exit >[2005/05/12 14:30:47, 10] registry/reg_db.c:regdb_fetch_reg_keys(316) > regdb_fetch_reg_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2005/05/12 14:30:47, 10] registry/reg_db.c:regdb_fetch_reg_keys(343) > regdb_fetch_reg_keys: Exit [0] items >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 F7 BC 83 42 ........ 
.......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 7] rpc_server/srv_reg_nt.c:open_registry_key(164) > open_registry_key: exit >[2005/05/12 14:30:47, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(337) > reg_open_entry: Exit >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_open_entry >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) > 0014 status: WERR_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called winreg successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 112 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 152 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7108 name: winreg len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14273 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 212 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xd4 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 14 of length 216 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=212 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14337 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 128 (0x80) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28936 (0x7108) > smb_bcc=145 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 80 00 00 00 03 00 00 ........ ........ > [020] 00 68 00 00 00 00 00 11 00 00 00 00 00 02 00 00 .h...... ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 18 00 18 ........ B.%..... > [040] 00 70 51 32 00 0C 00 00 00 00 00 00 00 0C 00 00 .pQ2.... ........ 
> [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T > [060] 00 79 00 70 00 65 00 00 00 18 EE 12 00 48 74 14 .y.p.e.. .....Ht. > [070] 00 48 74 14 00 04 01 00 00 00 00 00 00 00 00 00 .Ht..... ........ > [080] 00 10 EE 12 00 04 01 00 00 08 EE 12 00 00 00 00 ........ ........ > [090] 00 . >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=128 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7108 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name winreg pnum=7108 (pipes_open=1) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 7108) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7108 name: winreg open: Yes len: 128 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 128 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 112 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0080 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000003 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 112 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 112, incoming data = 112 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000068 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0011 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\winreg >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[8].fn == 0x812905e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_info >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 length: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0016 size: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 ptr: 00325170 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_max_len: 0000000c >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0020 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 uni_str_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0040 ptr_reserved: 0012ee18 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0044 ptr_buf: 00147448 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0048 ptr_bufsize: 00147448 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 004c bufsize: 00000104 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0050 buf_unk: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0054 unk1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0058 ptr_buflen: 0012ee10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 005c buflen: 00000104 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0060 ptr_buflen2: 0012ee08 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0064 buflen2: 00000000 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_reg_nt.c:_reg_info(358) > _reg_info: Enter >[2005/05/12 14:30:47, 7] rpc_server/srv_reg_nt.c:_reg_info(363) > _reg_info: policy key name = [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2005/05/12 14:30:47, 5] rpc_server/srv_reg_nt.c:_reg_info(367) > reg_info: looking up value: [ProductType] >[2005/05/12 14:30:47, 5] rpc_server/srv_reg_nt.c:_reg_info(447) > _reg_info: Exit >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_info >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr: 083b5054 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 type: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 ptr: 083b3804 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000c smb_io_regval_buffer value >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c uni_max_len: 00000012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 buf_len : 00000012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0018 buffer : L.a.n.m.a.n.N.T... 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 002c ptr: 083b37b4 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 buf_max_len: 00000012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 ptr: 083b5844 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0038 buf_len: 00000012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) > 003c status: WERR_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called winreg successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 86 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 112 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7108 name: winreg len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 64. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0058 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000040 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..88] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14337 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 58 00 00 00 03 00 00 ........ .X...... > [010] 00 40 00 00 00 00 00 00 00 54 50 3B 08 01 00 00 .@...... .TP;.... > [020] 00 04 38 3B 08 12 00 00 00 00 00 00 00 12 00 00 ..8;.... ........ > [030] 00 4C 00 61 00 6E 00 6D 00 61 00 6E 00 4E 00 54 .L.a.n.m .a.n.N.T > [040] 00 00 00 00 00 B4 37 3B 08 12 00 00 00 44 58 3B ......7; .....DX; > [050] 08 12 00 00 00 00 00 00 00 ........ . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,148) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,148) wrote 148 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 128 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x80 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 15 of length 132 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14401 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28936 (0x7108) > smb_bcc=61 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ 
> [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7108 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name winreg pnum=7108 (pipes_open=1) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 7108) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7108 name: winreg open: Yes len: 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming 
data = 28 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000004 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000014 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0005 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\winreg >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x8128c90 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_close >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_close >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) > 0014 status: WERR_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called winreg successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7108 name: winreg len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14401 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 128 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x80 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 16 of length 132 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14465 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28936 (0x7108) > smb_bcc=61 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7108 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name winreg pnum=7108 (pipes_open=1) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 7108) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7108 name: winreg open: Yes len: 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000005 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000014 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0005 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\winreg >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x8128c90 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_close >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_close >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_werror(729) > 0014 status: WERR_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called winreg successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7108 name: winreg len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000005 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14465 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 41 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x29 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 17 of length 45 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14529 > smt_wct=3 > smb_vwv[ 0]=28936 (0x7108) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBclose (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7108 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name winreg pnum=7108 (pipes_open=1) >[2005/05/12 14:30:47, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:7108 >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe winreg >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) > closed pipe name winreg 
pnum=7108 (pipes_open=0) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14529 > smt_wct=0 > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,39) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,39) wrote 39 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 96 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x60 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 18 of length 100 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14593 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBntcreateX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2005/05/12 14:30:47, 4] smbd/nttrans.c:nt_open_pipe(512) > nt_open_pipe: Opening pipe \samr. >[2005/05/12 14:30:47, 3] smbd/nttrans.c:nt_open_pipe(529) > nt_open_pipe: Known pipe samr opening. >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=0) >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested samr >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe samr >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe samr (pipes_open=0) >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe samr with handle 7109 (pipes_open=1) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name samr pnum=7109 >[2005/05/12 14:30:47, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) > do_ntcreate_pipe_open: open pipe = \samr >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14593 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2304 (0x900) > smb_vwv[ 3]= 369 (0x171) > 
smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,107) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,107) wrote 107 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 136 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x88 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 19 of length 140 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14657 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28937 (0x7109) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... 
> [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBwriteX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7109 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=7109 (pipes_open=1) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7109 name: samr open: Yes len: 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 
pkt_type : 0b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0048 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 11 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) > api_pipe_bind_req: decode request. 
879 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_elements: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000c context_id : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000e num_syntaxes: 01 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 data : 12345778 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 data : 1234 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0016 data : abcd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0018 data : ef 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 001a data : 01 23 45 67 89 ac >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 version: 00000001 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 data : 8a885d04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0028 data : 1ceb >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002a data : 11c9 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8s(756) > 002c data : 9f e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002e data : 08 00 2b 10 48 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 version: 00000002 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) > api_pipe_bind_req: make response. 1020 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:check_bind_req(764) > check_bind_req for \PIPE\samr >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\samr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 000053f0 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 len: 000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000a str: \PIPE\lsass. 
>[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0018 num_results: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001c result : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001e reason : 0000 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 data : 8a885d04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 data : 1ceb >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 data : 11c9 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0028 data : 9f e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002a data : 08 00 2b 10 48 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 version: 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0044 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 56 >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=7109 nwritten=72 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14657 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,51) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,51) wrote 51 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 59 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x3b >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 20 of length 63 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14721 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28937 (0x7109) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBreadX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 
14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7109 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=7109 (pipes_open=1) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7109 name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=7109 min=1024 max=1024 nread=68 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14721 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... 
>[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,131) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,131) wrote 131 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 164 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xa4 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 21 of length 168 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14785 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28937 (0x7109) > smb_bcc=97 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 01 00 00 ........ .P...... > [020] 00 38 00 00 00 00 00 40 00 A0 96 14 00 09 00 00 .8.....@ ........ > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E > [040] 00 52 00 4C 00 49 00 4E 00 00 00 C9 11 20 00 00 .R.L.I.N ..... .. > [050] 00 01 00 00 00 01 00 00 00 03 00 00 00 00 00 00 ........ ........ > [060] 00 . 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=80 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7109 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=7109 (pipes_open=1) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7109) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7109 name: samr open: Yes len: 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0050 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 64, incoming data = 64 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000038 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0040 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 20 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x40 - unknown >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 23 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0020 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 
000018 smb_io_rpc_hdr_fault fault >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0018 status : NT code 0x1c010002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c reserved: 00000000 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 64 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7109 name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: samr: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14785 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 01 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . 
>[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,92) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,92) wrote 92 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 41 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x29 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 22 of length 45 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14849 > smt_wct=3 > smb_vwv[ 0]=28937 (0x7109) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBclose (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7109 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=7109 (pipes_open=1) >[2005/05/12 14:30:47, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:7109 >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) > closed pipe name samr pnum=7109 (pipes_open=0) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14849 > smt_wct=0 > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,39) >[2005/05/12 14:30:47, 6] 
lib/util_sock.c:write_socket(461) > write_socket(29,39) wrote 39 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 96 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x60 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 23 of length 100 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14913 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBntcreateX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2005/05/12 14:30:47, 4] smbd/nttrans.c:nt_open_pipe(512) > nt_open_pipe: Opening pipe \samr. 
>[2005/05/12 14:30:47, 3] smbd/nttrans.c:nt_open_pipe(529) > nt_open_pipe: Known pipe samr opening. >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=0) >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested samr >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe samr >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe samr (pipes_open=0) >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe samr with handle 710a (pipes_open=1) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name samr pnum=710a >[2005/05/12 14:30:47, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) > do_ntcreate_pipe_open: open pipe = \samr >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=14913 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > 
smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,107) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,107) wrote 107 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 136 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x88 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 24 of length 140 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14977 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28938 (0x710A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBwriteX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=1) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0048 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 11 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) > api_pipe_bind_req: decode request. 
879 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_elements: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000c context_id : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000e num_syntaxes: 01 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 data : 12345778 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 data : 1234 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0016 data : abcd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0018 data : ef 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 001a data : 01 23 45 67 89 ac >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 version: 00000001 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 data : 8a885d04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0028 data : 1ceb >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002a data : 11c9 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8s(756) > 002c data : 9f e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002e data : 08 00 2b 10 48 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 version: 00000002 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) > api_pipe_bind_req: make response. 1020 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:check_bind_req(764) > check_bind_req for \PIPE\samr >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\samr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 000053f0 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 len: 000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000a str: \PIPE\lsass. 
>[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0018 num_results: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001c result : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001e reason : 0000 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 data : 8a885d04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 data : 1ceb >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 data : 11c9 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0028 data : 9f e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002a data : 08 00 2b 10 48 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 version: 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0044 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 56 >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=710a nwritten=72 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=14977 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,51) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,51) wrote 51 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 59 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x3b >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 25 of length 63 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=15041 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28938 (0x710A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBreadX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 
14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=1) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=710a min=1024 max=1024 nread=68 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=15041 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... 
>[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,131) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,131) wrote 131 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 152 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x98 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 26 of length 156 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15105 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=85 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [020] 00 2C 00 00 00 00 00 3E 00 A0 96 14 00 09 00 00 .,.....> ........ > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E > [040] 00 52 00 4C 00 49 00 4E 00 00 00 C9 11 02 00 00 .R.L.I.N ........ > [050] 00 20 00 00 00 . ... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=68 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=1) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 68 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 68 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0044 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 52, incoming data = 52 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000002c >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 003e >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 20 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[47].fn == 0x81552b4 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_connect4 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr_srv_name: 001496a0 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c uni_str_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0010 buffer : \.\.M.E.R.L.I.N... >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 unk_0: 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 access_mask: 00000020 >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2205) > _samr_connect4: 2205 >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000020, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 20 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (20) granted. >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_connect4: access GRANTED (requested: 0x00000020, granted: 0x00000020) >[2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid (NULL) >[2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(246) > get_samr_info_by_sid: created new info for NULL sid. >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2237) > _samr_connect: 2237 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_connect4 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd connect_pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 974 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 52 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15105 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 100 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x64 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 27 of length 104 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15169 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBntcreateX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2005/05/12 14:30:47, 4] smbd/nttrans.c:nt_open_pipe(512) > nt_open_pipe: Opening pipe \lsarpc. >[2005/05/12 14:30:47, 3] smbd/nttrans.c:nt_open_pipe(529) > nt_open_pipe: Known pipe lsarpc opening. >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested lsarpc (pipes_open=1) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name samr pnum=710a >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested lsarpc >[2005/05/12 14:30:47, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 2 for pipe lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe lsarpc (pipes_open=1) >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe lsarpc with handle 710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name lsarpc pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name samr pnum=710a >[2005/05/12 14:30:47, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15169 > smt_wct=34 > 
smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2816 (0xB00) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,107) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,107) wrote 107 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 136 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x88 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 28 of length 140 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=15233 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28939 (0x710B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] EE 05 00 0B 03 10 
00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBwriteX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 
major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0048 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 11 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) > api_pipe_bind_req: decode request. 
879 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_elements: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000c context_id : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000e num_syntaxes: 01 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 data : 12345778 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 data : 1234 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0016 data : abcd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0018 data : ef 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 001a data : 01 23 45 67 89 ab >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 version: 00000000 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 data : 8a885d04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0028 data : 1ceb >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002a data : 11c9 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8s(756) > 002c data : 9f e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002e data : 08 00 2b 10 48 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 version: 00000002 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) > api_pipe_bind_req: make response. 1020 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe.c:check_bind_req(764) > check_bind_req for \PIPE\lsarpc >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe.c:check_bind_req(770) > checking \PIPE\lsarpc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0000 max_tsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0002 max_rsize: 10b8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 assoc_gid: 000053f0 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 len: 000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000a str: \PIPE\lsass. 
>[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0018 num_results: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001c result : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001e reason : 0000 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 data : 8a885d04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 data : 1ceb >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 data : 11c9 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0028 data : 9f e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 002a data : 08 00 2b 10 48 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 version: 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 0c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0044 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 56 >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=710b nwritten=72 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=15233 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,51) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,51) wrote 51 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 59 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x3b >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 29 of length 63 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=15297 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28939 (0x710B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBreadX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 
14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=710b min=1024 max=1024 nread=68 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=15297 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... 
>[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,131) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,131) wrote 131 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 180 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xb4 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 30 of length 184 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15361 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28939 (0x710B) > smb_bcc=113 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 01 00 00 ........ .`...... > [020] 00 48 00 00 00 00 00 2C 00 A0 96 14 00 09 00 00 .H....., ........ > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E > [040] 00 52 00 4C 00 49 00 4E 00 00 00 C9 11 18 00 00 .R.L.I.N ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 08 F4 12 00 0C 00 00 00 02 00 01 00 01 08 00 ........ ........ > [070] 00 . 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=96 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 710b) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83ba318 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 96 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 96 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0060 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000048 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 002c >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 22 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x8123cd4 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_open_pol2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr : 001496a0 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c uni_str_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0010 buffer : \.\.M.E.R.L.I.N... 
>[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000022 lsa_io_obj_attr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 len : 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 ptr_root_dir: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 002c ptr_obj_name: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 attributes : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 ptr_sec_desc: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0038 ptr_sec_qos : 0012f408 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00003c lsa_io_obj_qos sec_qos >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 003c len : 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0040 sec_imp_level : 0002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0042 sec_ctxt_mode : 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0043 effective_only: 00 >[2005/05/12 14:30:47, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(182) > lsa_io_sec_qos: length c does not match size 8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0044 des_access: 00000801 >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000801, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 801 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (801) granted. >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_open_pol2 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 826 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 80 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 
710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > 
smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15361 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 148 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x94 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 31 of length 152 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15425 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=81 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 40 00 00 00 02 00 00 ........ .@...... 
> [020] 00 28 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .(...... ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 80 03 00 ........ B.%..... > [040] 00 01 00 00 00 01 01 00 00 00 00 00 05 20 00 00 ........ ..... .. > [050] 00 . >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=64 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 64 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used 
= 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 48 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 48 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0040 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000002 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 48 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 48, incoming data = 48 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000028 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[39].fn == 0x8153716 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 flags: 00000380 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_auths: 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001c sid_rev_num: 01 >[2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001d num_auths : 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001e id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001f id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0020 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0021 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0022 id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0023 id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0024 sub_auths : 00000020 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd047a] >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000380, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 380 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (380) granted. >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_domain: access GRANTED (requested: 0x00000380, granted: 0x000d07fa) >[2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-32 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[3] [000] 00 00 00 00 05 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000005 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 48 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15425 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 130 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x82 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 32 of length 134 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15489 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28939 (0x710B) > smb_bcc=63 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 710b) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83ba318 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000002 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000016 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[2].fn == 0x8124081 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 info_class: 0005 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 undoc_buffer: 22000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 info_class: 0005 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 lsa_io_dom_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 uni_dom_max_len: 0010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a uni_dom_str_len: 0012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c buffer_dom_name: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 buffer_dom_sid : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unistr2 unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_str_len: 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0020 buffer : M.I.D.E.A.R.T.H. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000030 smb_io_dom_sid2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 num_auths: 00000004 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000034 smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0034 sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0035 num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0036 id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0037 id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0038 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0039 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003a id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003b id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 004c status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 18 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 30 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0068 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000050 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15489 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) 
> smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 02 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... > [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ > [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E > [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ > [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. > [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,164) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,164) wrote 164 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 160 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xa0 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 33 of length 164 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15553 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=93 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 03 00 00 ........ .L...... 
> [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 80 03 00 ........ B.%..... > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 004c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000003 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 
0, pdu_needed_len = 60, incoming data = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000034 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[39].fn == 0x8153716 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 flags: 00000380 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_auths: 00000004 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 001c sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001d num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001e id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001f id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0020 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0021 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0022 id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0023 id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd047a] >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000380, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 380 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (380) granted. >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_domain: access GRANTED (requested: 0x00000380, granted: 0x000d07fa) >[2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[4] [000] 00 00 00 00 06 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 60 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15553 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 06 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 130 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x82 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 34 of length 134 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15617 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28939 (0x710B) > smb_bcc=63 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 710b) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83ba318 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000003 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000016 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[2].fn == 0x8124081 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 info_class: 0005 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 undoc_buffer: 22000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 info_class: 0005 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 lsa_io_dom_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 uni_dom_max_len: 0010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a uni_dom_str_len: 0012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c buffer_dom_name: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 buffer_dom_sid : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unistr2 unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_str_len: 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0020 buffer : M.I.D.E.A.R.T.H. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000030 smb_io_dom_sid2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 num_auths: 00000004 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000034 smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0034 sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0035 num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0036 id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0037 id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0038 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0039 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003a id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003b id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 004c status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 18 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 30 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0068 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000050 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15617 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) 
> smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... > [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ > [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E > [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ > [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. > [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,164) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,164) wrote 164 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 160 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xa0 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 35 of length 164 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15681 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=93 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 04 00 00 ........ .L...... 
> [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 90 03 00 ........ B.%..... > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 004c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000004 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 
0, pdu_needed_len = 60, incoming data = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000034 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[39].fn == 0x8153716 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 flags: 00000390 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_auths: 00000004 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 001c sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001d num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001e id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001f id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0020 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0021 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0022 id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0023 id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd047a] >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000380, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 380 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (380) granted. >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_domain: access GRANTED (requested: 0x00000380, granted: 0x000d07fa) >[2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[5] [000] 00 00 00 00 07 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 60 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15681 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 07 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 128 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x80 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 36 of length 132 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15745 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=61 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 06 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000005 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0001 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x81535a8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 06 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000005 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15745 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 130 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x82 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 37 of length 134 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15809 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28939 (0x710B) > smb_bcc=63 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 04 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 710b) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83ba318 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000004 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000016 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[2].fn == 0x8124081 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 info_class: 0005 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 undoc_buffer: 22000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 info_class: 0005 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 lsa_io_dom_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 uni_dom_max_len: 0010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a uni_dom_str_len: 0012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c buffer_dom_name: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 buffer_dom_sid : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unistr2 unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_str_len: 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0020 buffer : M.I.D.E.A.R.T.H. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000030 smb_io_dom_sid2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 num_auths: 00000004 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000034 smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0034 sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0035 num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0036 id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0037 id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0038 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0039 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003a id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003b id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 004c status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 18 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 30 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0068 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000050 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15809 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) 
> smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 04 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... > [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ > [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E > [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ > [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. > [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,164) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,164) wrote 164 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 160 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xa0 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 38 of length 164 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15873 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=93 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 06 00 00 ........ .L...... 
> [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 91 03 00 ........ B.%..... > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 004c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000006 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 
0, pdu_needed_len = 60, incoming data = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000034 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[39].fn == 0x8153716 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 flags: 00000391 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_auths: 00000004 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 001c sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001d num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001e id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001f id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0020 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0021 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0022 id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0023 id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd047a] >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000381, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 381 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (381) granted. >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_domain: access GRANTED (requested: 0x00000381, granted: 0x000d07fb) >[2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[5] [000] 00 00 00 00 08 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 60 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15873 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 08 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 128 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x80 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 39 of length 132 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15937 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=61 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 07 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 07 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000007 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0001 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x81535a8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 07 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=15937 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 130 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x82 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 40 of length 134 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16001 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28939 (0x710B) > smb_bcc=63 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 710b) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83ba318 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000005 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000016 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[2].fn == 0x8124081 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 info_class: 0005 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 undoc_buffer: 22000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 info_class: 0005 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 lsa_io_dom_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 uni_dom_max_len: 0010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a uni_dom_str_len: 0012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c buffer_dom_name: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 buffer_dom_sid : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unistr2 unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_str_len: 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0020 buffer : M.I.D.E.A.R.T.H. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000030 smb_io_dom_sid2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 num_auths: 00000004 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000034 smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0034 sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0035 num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0036 id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0037 id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0038 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0039 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003a id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003b id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 004c status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 18 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 30 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0068 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000005 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000050 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16001 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) 
> smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 05 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... > [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ > [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E > [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ > [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. > [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,164) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,164) wrote 164 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 160 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xa0 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 41 of length 164 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16065 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=93 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 08 00 00 ........ .L...... 
> [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 D1 03 00 ........ B.%..... > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 004c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000008 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 
0, pdu_needed_len = 60, incoming data = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000034 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[39].fn == 0x8153716 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 flags: 000003d1 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_auths: 00000004 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 001c sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001d num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001e id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001f id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0020 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0021 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0022 id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0023 id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd047a] >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000381, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 381 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (381) granted. >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_domain: access GRANTED (requested: 0x00000381, granted: 0x000d07fb) >[2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[5] [000] 00 00 00 00 09 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 60 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16065 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 08 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 09 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 128 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x80 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 42 of length 132 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16129 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=61 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 09 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 08 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000009 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0001 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x81535a8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 08 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16129 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 130 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x82 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 43 of length 134 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16193 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28939 (0x710B) > smb_bcc=63 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 06 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 710b) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83ba318 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000006 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000016 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[2].fn == 0x8124081 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 info_class: 0005 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 undoc_buffer: 22000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 info_class: 0005 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 lsa_io_dom_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 uni_dom_max_len: 0010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a uni_dom_str_len: 0012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c buffer_dom_name: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 buffer_dom_sid : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unistr2 unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_str_len: 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0020 buffer : M.I.D.E.A.R.T.H. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000030 smb_io_dom_sid2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 num_auths: 00000004 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000034 smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0034 sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0035 num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0036 id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0037 id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0038 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0039 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003a id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003b id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 004c status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 18 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 30 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0068 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000050 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16193 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) 
> smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 06 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... > [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ > [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E > [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ > [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. > [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,164) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,164) wrote 164 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 160 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xa0 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 44 of length 164 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16257 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=93 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 0A 00 00 ........ .L...... 
> [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 F1 03 00 ........ B.%..... > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 004c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 
0, pdu_needed_len = 60, incoming data = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000034 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[39].fn == 0x8153716 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 flags: 000003f1 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_auths: 00000004 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 001c sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001d num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001e id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001f id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0020 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0021 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0022 id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0023 id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd047a] >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000381, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 381 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (381) granted. >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_domain: access GRANTED (requested: 0x00000381, granted: 0x000d07fb) >[2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[5] [000] 00 00 00 00 0A 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 60 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16257 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0A 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 128 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x80 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 45 of length 132 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16321 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=61 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 09 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0001 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x81535a8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 09 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16321 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 130 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x82 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 46 of length 134 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16385 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28939 (0x710B) > smb_bcc=63 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 05 00 ........ B.%.... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 710b) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83ba318 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000007 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000016 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[2].fn == 0x8124081 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 info_class: 0005 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 undoc_buffer: 22000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 info_class: 0005 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 lsa_io_dom_query >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 uni_dom_max_len: 0010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a uni_dom_str_len: 0012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c buffer_dom_name: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 buffer_dom_sid : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unistr2 unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_str_len: 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0020 buffer : M.I.D.E.A.R.T.H. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000030 smb_io_dom_sid2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 num_auths: 00000004 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000034 smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0034 sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0035 num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0036 id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0037 id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0038 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0039 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003a id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003b id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 004c status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 18 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 30 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0068 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000050 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16385 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) 
> smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 07 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... > [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ > [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E > [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ > [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. > [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,164) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,164) wrote 164 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 160 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xa0 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 47 of length 164 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16449 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=93 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 0C 00 00 ........ .L...... 
> [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 F3 03 00 ........ B.%..... > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 004c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000c >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 
0, pdu_needed_len = 60, incoming data = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000034 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[39].fn == 0x8153716 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 flags: 000003f3 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_auths: 00000004 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 001c sid_rev_num: 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001d num_auths : 04 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001e id_auth[0] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001f id_auth[1] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0020 id_auth[2] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0021 id_auth[3] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0022 id_auth[4] : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0023 id_auth[5] : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd047a] >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000381, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 381 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (381) granted. >[2005/05/12 14:30:47, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_domain: access GRANTED (requested: 0x00000381, granted: 0x000d07fb) >[2005/05/12 14:30:47, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[5] [000] 00 00 00 00 0B 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 60 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16449 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 ........ ........ > [020] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 128 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x80 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 48 of length 132 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16513 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=61 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 0A 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 ........ B.%.. 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000d >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0001 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x81535a8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 0A 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16513 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 180 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xb4 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 49 of length 184 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16577 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28939 (0x710B) > smb_bcc=113 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 08 00 00 ........ .`...... > [020] 00 48 00 00 00 00 00 2C 00 A0 96 14 00 09 00 00 .H....., ........ > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E > [040] 00 52 00 4C 00 49 00 4E 00 00 00 00 05 18 00 00 .R.L.I.N ........ 
> [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 28 F4 12 00 0C 00 00 00 02 00 01 00 11 08 00 .(...... ........ > [070] 00 . >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=96 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 710b) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83ba318 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 96 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 96 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0060 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000008 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000048 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 002c >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x8123cd4 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_open_pol2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr : 001496a0 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c uni_str_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0010 buffer : \.\.M.E.R.L.I.N... 
>[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000022 lsa_io_obj_attr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 len : 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 ptr_root_dir: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 002c ptr_obj_name: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 attributes : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 ptr_sec_desc: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0038 ptr_sec_qos : 0012f428 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00003c lsa_io_obj_qos sec_qos >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 003c len : 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0040 sec_imp_level : 0002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0042 sec_ctxt_mode : 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0043 effective_only: 00 >[2005/05/12 14:30:47, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(182) > lsa_io_sec_qos: length c does not match size 8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0044 des_access: 00000811 >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000811, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 811 > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-21-726309263-4128913605-1168186429-512 mask = f0fff, current desired = 10 > se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f0fff, current desired = 10 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(314) > se_access_check: access (811) denied. >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_open_pol2 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_ACCESS_DENIED >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 826 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 80 >[2005/05/12 14:30:47, 6] 
rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > 
smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16577 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 08 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 22 00 00 ........ .....".. > [030] C0 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 180 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xb4 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 50 of length 184 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16641 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28939 (0x710B) > smb_bcc=113 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... 
> [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 09 00 00 ........ .`...... > [020] 00 48 00 00 00 00 00 2C 00 A0 96 14 00 09 00 00 .H....., ........ > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E > [040] 00 52 00 4C 00 49 00 4E 00 00 00 00 05 18 00 00 .R.L.I.N ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 28 F4 12 00 0C 00 00 00 02 00 01 00 03 0B 00 .(...... ........ > [070] 00 . >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=96 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 710b) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83ba318 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 96 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 96 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0060 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000009 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > 
write_to_pipe: data_left = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000048 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 002c >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x8123cd4 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_open_pol2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr : 001496a0 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c uni_str_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0010 buffer : \.\.M.E.R.L.I.N... 
>[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000022 lsa_io_obj_attr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 len : 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 ptr_root_dir: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 002c ptr_obj_name: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 attributes : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 ptr_sec_desc: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0038 ptr_sec_qos : 0012f428 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00003c lsa_io_obj_qos sec_qos >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 003c len : 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0040 sec_imp_level : 0002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0042 sec_ctxt_mode : 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0043 effective_only: 00 >[2005/05/12 14:30:47, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(182) > lsa_io_sec_qos: length c does not match size 8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0044 des_access: 00000b03 >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000b03, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = b03 > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-21-726309263-4128913605-1168186429-512 mask = f0fff, current desired = 302 > se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f0fff, current desired = 302 >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(314) > se_access_check: access (b03) denied. >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_open_pol2 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_ACCESS_DENIED >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 826 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 80 >[2005/05/12 14:30:47, 6] 
rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > 
smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16641 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 22 00 00 ........ .....".. > [030] C0 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 180 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xb4 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 51 of length 184 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16705 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28939 (0x710B) > smb_bcc=113 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... 
> [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 0A 00 00 ........ .`...... > [020] 00 48 00 00 00 00 00 2C 00 A0 96 14 00 09 00 00 .H....., ........ > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E > [040] 00 52 00 4C 00 49 00 4E 00 00 00 00 05 18 00 00 .R.L.I.N ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 28 F4 12 00 0C 00 00 00 02 00 01 00 FF 0F 0F .(...... ........ > [070] 00 . >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=96 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710b >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 710b) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83ba318 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710b name: lsarpc open: Yes len: 96 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 96 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0060 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > 
write_to_pipe: data_left = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000048 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 002c >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\lsarpc >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x8123cd4 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_open_pol2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr : 001496a0 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c uni_str_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0010 buffer : \.\.M.E.R.L.I.N... 
>[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000022 lsa_io_obj_attr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 len : 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 ptr_root_dir: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 002c ptr_obj_name: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 attributes : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 ptr_sec_desc: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0038 ptr_sec_qos : 0012f428 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00003c lsa_io_obj_qos sec_qos >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 003c len : 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0040 sec_imp_level : 0002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0042 sec_ctxt_mode : 01 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0043 effective_only: 00 >[2005/05/12 14:30:47, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(182) > lsa_io_sec_qos: length c does not match size 8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0044 des_access: 000f0fff >[2005/05/12 14:30:47, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f0fff, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:47, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = f0fff > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-21-726309263-4128913605-1168186429-512 mask = f0fff, current desired = d07fe > se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f0fff, current desired = d07fe >[2005/05/12 14:30:47, 5] lib/util_seaccess.c:se_access_check(314) > se_access_check: access (f0fff) denied. >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_open_pol2 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_ACCESS_DENIED >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called lsarpc successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 826 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 80 >[2005/05/12 14:30:47, 6] 
rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710b name: lsarpc len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > 
smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16705 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 22 00 00 ........ .....".. > [030] C0 . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 144 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x90 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 52 of length 148 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16769 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=77 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... 
> [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 0E 00 00 ........ .<...... > [020] 00 24 00 00 00 00 00 28 00 00 00 00 00 0B 00 00 .$.....( ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 01 00 45 ........ B.%....E > [040] 00 00 00 00 00 00 02 00 00 FF 3F 00 00 ........ ..?.. >[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=60 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 003c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000e >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 
0, pdu_needed_len = 44, incoming data = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000024 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0028 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x28 - api_rpcTNP: rpc command: SAMR_QUERY_DISPINFO >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[26].fn == 0x815413d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_query_dispinfo >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 switch_level: 0001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 start_idx : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c max_entries : 00000200 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 max_size : 00003fff 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(802) > samr_reply_query_dispinfo: 802 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0B 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(861) > samr_reply_query_dispinfo: buffer size limits to only 511 entries >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1133) > smbldap_search_paged: base => [ou=People,ou=Users,dc=terpstra-world,dc=org], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1024] >[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=People,ou=Users,dc=terpstra-world,dc=org], filter => [(&(uid=*)(objectclass=sambaSamAccount))], scope => [2] >[2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1172) > smbldap_search_paged: search was successfull >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 10] rpc_parse/parse_samr.c:init_sam_dispinfo_1(1525) > init_sam_dispinfo_1: num_entries: 6 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) > init_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) > init_sam_entry1 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_samr.c:init_sam_entry1(1010) > init_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) > init_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) > init_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry1(1010) > init_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(949) > _samr_query_dispinfo: 949 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_samr_r_query_dispinfo(1966) > init_samr_r_query_dispinfo: level 1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_query_dispinfo >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 total_size : 000000c0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data_size : 00004000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 switch_level: 0001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c num_entries : 00000006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 ptr_entries : 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 num_entries2: 00000006 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 sam_io_sam_dispinfo_1 users >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000018 sam_io_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 user_idx : 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c rid_user : 000001f4 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0020 acb_info : 0010 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_unihdr hdr_acct_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 uni_str_len: 0008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 uni_max_len: 0008 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0028 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00002c smb_io_unihdr hdr_user_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002c uni_str_len: 003a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002e uni_max_len: 003a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000034 smb_io_unihdr hdr_user_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0034 uni_str_len: 001e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0036 uni_max_len: 001e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0038 buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00003c sam_io_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 003c user_idx : 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0040 rid_user : 00000bb8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0044 acb_info : 0010 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000048 smb_io_unihdr hdr_acct_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0048 uni_str_len: 0006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 004a uni_max_len: 0006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 004c buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000050 smb_io_unihdr hdr_user_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0050 uni_str_len: 001c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0052 uni_max_len: 001c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0054 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000058 smb_io_unihdr hdr_user_name >[2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0058 uni_str_len: 001e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 005a uni_max_len: 001e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 005c buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000060 sam_io_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0060 user_idx : 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0064 rid_user : 00000bbc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0068 acb_info : 0010 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00006c smb_io_unihdr hdr_acct_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 006c uni_str_len: 0006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 006e uni_max_len: 0006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0070 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000074 smb_io_unihdr hdr_user_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0074 uni_str_len: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0076 uni_max_len: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0078 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00007c smb_io_unihdr hdr_user_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 007c uni_str_len: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 007e uni_max_len: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0080 buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000084 sam_io_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0084 user_idx : 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0088 rid_user : 00000bbe >[2005/05/12 
14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 008c acb_info : 0010 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000090 smb_io_unihdr hdr_acct_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0090 uni_str_len: 0006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0092 uni_max_len: 0006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0094 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000098 smb_io_unihdr hdr_user_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0098 uni_str_len: 000e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 009a uni_max_len: 000e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 009c buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000a0 smb_io_unihdr hdr_user_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00a0 uni_str_len: 000e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00a2 uni_max_len: 000e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00a4 buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0000a8 sam_io_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00a8 user_idx : 00000005 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00ac rid_user : 00000bc0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00b0 acb_info : 0010 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000b4 smb_io_unihdr hdr_acct_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00b4 uni_str_len: 0006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00b6 uni_max_len: 0006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00b8 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000bc smb_io_unihdr hdr_user_desc 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00bc uni_str_len: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00be uni_max_len: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00c0 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000c4 smb_io_unihdr hdr_user_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00c4 uni_str_len: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00c6 uni_max_len: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00c8 buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0000cc sam_io_sam_entry1 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00cc user_idx : 00000006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00d0 rid_user : 00000bc6 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00d4 acb_info : 0010 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000d8 smb_io_unihdr hdr_acct_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00d8 uni_str_len: 0012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00da uni_max_len: 0012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00dc buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000e0 smb_io_unihdr hdr_user_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00e0 uni_str_len: 0014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00e2 uni_max_len: 0014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00e4 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000e8 smb_io_unihdr hdr_user_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00e8 uni_str_len: 001e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00ea uni_max_len: 001e 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00ec buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0000f0 sam_io_sam_str1 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000f0 smb_io_unistr2 name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00f0 uni_max_len: 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00f4 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00f8 uni_str_len: 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 00fc buffer : r.o.o.t. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000104 smb_io_unistr2 desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0104 uni_max_len: 0000001d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0108 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 010c uni_str_len: 0000001d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0110 buffer : L.D.A.P. .B.a.s.e.d. .S.u.p.e.r. .U.s.e.r. .A.c.c.o.u.n.t. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00014a smb_io_unistr2 full >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 014c uni_max_len: 0000000f >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0150 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0154 uni_str_len: 0000000f >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0158 buffer : S.y.s.t.e.m. .B.o.s.s. .M.a.n. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000176 sam_io_sam_str1 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000178 smb_io_unistr2 name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0178 uni_max_len: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 017c offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0180 uni_str_len: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0184 buffer : j.h.t. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00018a smb_io_unistr2 desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 018c uni_max_len: 0000000e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0190 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0194 uni_str_len: 0000000e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0198 buffer : B.i.g. .S.l.e.u.t.h. .M.a.n. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0001b4 smb_io_unistr2 full >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01b4 uni_max_len: 0000000f >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01b8 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01bc uni_str_len: 0000000f >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 01c0 buffer : J.o.h.n. .H. .T.e.r.p.s.t.r.a. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0001de sam_io_sam_str1 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0001e0 smb_io_unistr2 name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01e0 uni_max_len: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01e4 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01e8 uni_str_len: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 01ec buffer : l.c.t. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0001f2 smb_io_unistr2 desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01f4 uni_max_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01f8 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01fc uni_str_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0200 buffer : W.o.n.d.e.r. .W.o.m.a.n. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000218 smb_io_unistr2 full >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0218 uni_max_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 021c offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0220 uni_str_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0224 buffer : W.o.n.d.e.r. .W.o.m.a.n. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00023c sam_io_sam_str1 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00023c smb_io_unistr2 name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 023c uni_max_len: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0240 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0244 uni_str_len: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0248 buffer : a.j.t. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00024e smb_io_unistr2 desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0250 uni_max_len: 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0254 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0258 uni_str_len: 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 025c buffer : B.i.g. .M.a.n. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00026a smb_io_unistr2 full >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 026c uni_max_len: 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0270 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0274 uni_str_len: 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0278 buffer : B.i.g. .M.a.n. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000286 sam_io_sam_str1 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000288 smb_io_unistr2 name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0288 uni_max_len: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 028c offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0290 uni_str_len: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0294 buffer : m.e.t. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00029a smb_io_unistr2 desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 029c uni_max_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02a0 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02a4 uni_str_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 02a8 buffer : K.a.r.a.t.e. .M.i.s.s.y. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002c0 smb_io_unistr2 full >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02c0 uni_max_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02c4 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02c8 uni_str_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 02cc buffer : K.a.r.a.t.e. .M.i.s.s.y. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0002e4 sam_io_sam_str1 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002e4 smb_io_unistr2 name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02e4 uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02e8 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02ec uni_str_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 02f0 buffer : v.l.e.n.d.e.c.k.e. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000302 smb_io_unistr2 desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0304 uni_max_len: 0000000a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0308 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 030c uni_str_len: 0000000a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0310 buffer : G.u.e.s.t. .U.s.e.r. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000324 smb_io_unistr2 full >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0324 uni_max_len: 0000000f >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0328 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 032c uni_str_len: 0000000f >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0330 buffer : V.o.l.k.e.r. .L.e.n.d.e.c.k.e. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0350 status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 962 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 44 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 852. >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 036c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000354 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..876] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=932 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16769 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 876 (0x36C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 876 (0x36C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=877 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 6C 03 00 00 0E 00 00 ........ .l...... > [010] 00 54 03 00 00 00 00 00 00 C0 00 00 00 00 40 00 .T...... ......@. > [020] 00 01 00 00 00 06 00 00 00 01 00 00 00 06 00 00 ........ ........ > [030] 00 01 00 00 00 F4 01 00 00 10 00 00 00 08 00 08 ........ ........ > [040] 00 01 00 00 00 3A 00 3A 00 01 00 00 00 1E 00 1E .....:.: ........ > [050] 00 01 00 00 00 02 00 00 00 B8 0B 00 00 10 00 00 ........ ........ > [060] 00 06 00 06 00 01 00 00 00 1C 00 1C 00 01 00 00 ........ ........ > [070] 00 1E 00 1E 00 01 00 00 00 03 00 00 00 BC 0B 00 ........ ........ > [080] 00 10 00 00 00 06 00 06 00 01 00 00 00 18 00 18 ........ ........ > [090] 00 01 00 00 00 18 00 18 00 01 00 00 00 04 00 00 ........ ........ > [0A0] 00 BE 0B 00 00 10 00 00 00 06 00 06 00 01 00 00 ........ ........ > [0B0] 00 0E 00 0E 00 01 00 00 00 0E 00 0E 00 01 00 00 ........ ........ > [0C0] 00 05 00 00 00 C0 0B 00 00 10 00 00 00 06 00 06 ........ ........ > [0D0] 00 01 00 00 00 18 00 18 00 01 00 00 00 18 00 18 ........ ........ 
> [0E0] 00 01 00 00 00 06 00 00 00 C6 0B 00 00 10 00 00 ........ ........ > [0F0] 00 12 00 12 00 01 00 00 00 14 00 14 00 01 00 00 ........ ........ > [100] 00 1E 00 1E 00 01 00 00 00 04 00 00 00 00 00 00 ........ ........ > [110] 00 04 00 00 00 72 00 6F 00 6F 00 74 00 1D 00 00 .....r.o .o.t.... > [120] 00 00 00 00 00 1D 00 00 00 4C 00 44 00 41 00 50 ........ .L.D.A.P > [130] 00 20 00 42 00 61 00 73 00 65 00 64 00 20 00 53 . .B.a.s .e.d. .S > [140] 00 75 00 70 00 65 00 72 00 20 00 55 00 73 00 65 .u.p.e.r . .U.s.e > [150] 00 72 00 20 00 41 00 63 00 63 00 6F 00 75 00 6E .r. .A.c .c.o.u.n > [160] 00 74 00 00 00 0F 00 00 00 00 00 00 00 0F 00 00 .t...... ........ > [170] 00 53 00 79 00 73 00 74 00 65 00 6D 00 20 00 42 .S.y.s.t .e.m. .B > [180] 00 6F 00 73 00 73 00 20 00 4D 00 61 00 6E 00 00 .o.s.s. .M.a.n.. > [190] 00 03 00 00 00 00 00 00 00 03 00 00 00 6A 00 68 ........ .....j.h > [1A0] 00 74 00 00 00 0E 00 00 00 00 00 00 00 0E 00 00 .t...... ........ > [1B0] 00 42 00 69 00 67 00 20 00 53 00 6C 00 65 00 75 .B.i.g. .S.l.e.u > [1C0] 00 74 00 68 00 20 00 4D 00 61 00 6E 00 0F 00 00 .t.h. .M .a.n.... > [1D0] 00 00 00 00 00 0F 00 00 00 4A 00 6F 00 68 00 6E ........ .J.o.h.n > [1E0] 00 20 00 48 00 20 00 54 00 65 00 72 00 70 00 73 . .H. .T .e.r.p.s > [1F0] 00 74 00 72 00 61 00 00 00 03 00 00 00 00 00 00 .t.r.a.. ........ 
>[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,936) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,936) wrote 936 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 136 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x88 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 53 of length 140 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16833 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=69 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 0F 00 00 ........ .4...... > [020] 00 1C 00 00 00 00 00 0F 00 00 00 00 00 0B 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [040] 00 FF FF 00 00 ..... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 52 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0034 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000f >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000001c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 000f >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0xf - api_rpcTNP: rpc command: SAMR_ENUM_DOM_ALIASES >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[6].fn == 0x8153fcc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_enum_dom_aliases >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 start_idx: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 max_size : 0000ffff >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0B 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_enum_dom_aliases: access check ((granted: 0x000d07fb; required: 0x00000100) >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_enum_dom_aliases(745) > samr_reply_enum_dom_aliases: sid S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1133) > smbldap_search_paged: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4))],scope => [2], pagesize => [1024] >[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4))], scope => [2] >[2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1172) > smbldap_search_paged: search was successfull >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] 
auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_samr_r_enum_dom_aliases(3382) > init_samr_r_enum_dom_aliases >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_enum_dom_aliases(774) > samr_enum_dom_aliases: 774 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_enum_dom_aliases >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 next_idx : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 ptr_entries1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_entries4: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 000c status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 36 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0028 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000000f >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..40] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16833 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0F 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 ........ . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,100) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,100) wrote 100 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 136 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x88 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 54 of length 140 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16897 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=69 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 10 00 00 ........ .4...... > [020] 00 1C 00 00 00 00 00 0F 00 00 00 00 00 05 00 00 ........ ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [040] 00 FF FF 00 00 ..... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 52 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0034 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000010 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000001c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 000f >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0xf - api_rpcTNP: rpc command: SAMR_ENUM_DOM_ALIASES >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[6].fn == 0x8153fcc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_enum_dom_aliases >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000005 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 start_idx: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 max_size : 0000ffff >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 05 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_enum_dom_aliases: access check ((granted: 0x000d07fa; required: 0x00000100) >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_enum_dom_aliases(745) > samr_reply_enum_dom_aliases: sid S-1-5-32 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1133) > smbldap_search_paged: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=5))],scope => [2], pagesize => [1024] >[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=5))], scope => [2] >[2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1172) > smbldap_search_paged: search was successfull >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) 
> UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_samr_r_enum_dom_aliases(3382) > init_samr_r_enum_dom_aliases >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_enum_dom_aliases(774) > samr_enum_dom_aliases: 774 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_enum_dom_aliases >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 next_idx : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 ptr_entries1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_entries4: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 000c status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 36 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0028 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..40] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16897 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 10 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 ........ . >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,100) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,100) wrote 100 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 144 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x90 >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 55 of length 148 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16961 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=77 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 11 00 00 ........ .<...... > [020] 00 24 00 00 00 00 00 30 00 00 00 00 00 0B 00 00 .$.....0 ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 03 00 00 ........ B.%..... > [040] 00 00 00 00 00 D0 07 00 00 FF 7F 00 00 ........ ..... 
>[2005/05/12 14:30:47, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=60 params=0 setup=2 >[2005/05/12 14:30:47, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:47, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:47, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:47, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1024 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 003c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000011 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 44, incoming data = 44 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000024 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0030 >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x30 - api_rpcTNP: rpc command: SAMR_QUERY_DISPINFO3 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[27].fn == 0x815413d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_query_dispinfo >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 switch_level: 0003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 start_idx : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c max_entries : 000007d0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 max_size : 00007fff >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(802) > samr_reply_query_dispinfo: 802 >[2005/05/12 14:30:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0B 00 00 00 00 00 00 00 F7 BC 83 42 ........ 
.......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(849) > samr_reply_query_dispinfo: client requested 2000 entries, limiting to 1024 >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(861) > samr_reply_query_dispinfo: buffer size limits to only 1023 entries >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:47, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1133) > smbldap_search_paged: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=2))],scope => [2], pagesize => [1024] >[2005/05/12 14:30:47, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=2))], scope => [2] >[2005/05/12 14:30:47, 3] lib/smbldap.c:smbldap_search_paged(1172) > smbldap_search_paged: search was successfull >[2005/05/12 14:30:47, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_dispinfo_3(1704) > init_sam_dispinfo_3: num_entries: 8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) > init_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) > init_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) > init_sam_entry3 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_samr.c:init_sam_entry3(1168) > init_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) > init_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) > init_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) > init_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_sam_entry3(1168) > init_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(949) > _samr_query_dispinfo: 949 >[2005/05/12 14:30:47, 5] rpc_parse/parse_samr.c:init_samr_r_query_dispinfo(1966) > init_samr_r_query_dispinfo: level 3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_query_dispinfo >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 total_size : 00000100 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data_size : 00008000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 switch_level: 0003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c num_entries : 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 ptr_entries : 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 num_entries2: 00000008 >[2005/05/12 14:30:47, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 sam_io_sam_dispinfo_3 groups >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000018 sam_io_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 grp_idx: 00000001 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c rid_grp: 00000200 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 attr : 00000007 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 uni_str_len: 001a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 
0026 uni_max_len: 001a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00002c smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002c uni_str_len: 003a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002e uni_max_len: 003a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000034 sam_io_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 grp_idx: 00000002 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0038 rid_grp: 00000201 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 003c attr : 00000007 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000040 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0040 uni_str_len: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0042 uni_max_len: 0018 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0044 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000048 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0048 uni_str_len: 0028 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 004a uni_max_len: 0028 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 004c buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000050 sam_io_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0050 grp_idx: 00000003 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0054 rid_grp: 00000202 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0058 attr : 00000007 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00005c smb_io_unihdr unihdr 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 005c uni_str_len: 001a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 005e uni_max_len: 001a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0060 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000064 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0064 uni_str_len: 0036 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0066 uni_max_len: 0036 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0068 buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00006c sam_io_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 006c grp_idx: 00000004 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0070 rid_grp: 00000226 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0074 attr : 00000007 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000078 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0078 uni_str_len: 001e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 007a uni_max_len: 001e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 007c buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000080 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0080 uni_str_len: 003c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0082 uni_max_len: 003c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0084 buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000088 sam_io_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0088 grp_idx: 00000005 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 008c rid_grp: 00000227 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0090 attr : 00000007 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000094 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0094 uni_str_len: 0020 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0096 uni_max_len: 0020 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0098 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00009c smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 009c uni_str_len: 0080 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 009e uni_max_len: 0080 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00a0 buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0000a4 sam_io_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00a4 grp_idx: 00000006 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00a8 rid_grp: 00000228 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00ac attr : 00000007 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000b0 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00b0 uni_str_len: 0014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00b2 uni_max_len: 0014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00b4 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000b8 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00b8 uni_str_len: 007a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00ba uni_max_len: 007a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00bc buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0000c0 sam_io_sam_entry3 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 00c0 grp_idx: 00000007 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00c4 rid_grp: 00000229 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00c8 attr : 00000007 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000cc smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00cc uni_str_len: 0020 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00ce uni_max_len: 0020 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00d0 buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000d4 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00d4 uni_str_len: 0042 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00d6 uni_max_len: 0042 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00d8 buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0000dc sam_io_sam_entry3 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00dc grp_idx: 00000008 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00e0 rid_grp: 00000bb9 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00e4 attr : 00000007 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000e8 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00e8 uni_str_len: 0012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00ea uni_max_len: 0012 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00ec buffer : 00000001 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000f0 smb_io_unihdr unihdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00f0 uni_str_len: 0022 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00f2 uni_max_len: 0022 >[2005/05/12 14:30:47, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 00f4 buffer : 00000001 >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0000f8 sam_io_sam_str3 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000f8 smb_io_unistr2 uni_grp_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00f8 uni_max_len: 0000000d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00fc offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0100 uni_str_len: 0000000d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0104 buffer : D.o.m.a.i.n. .A.d.m.i.n.s. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00011e smb_io_unistr2 uni_grp_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0120 uni_max_len: 0000001d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0124 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0128 uni_str_len: 0000001d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 012c buffer : N.e.t.B.I.O.S. .D.o.m.a.i.n. .A.d.m.i.n.i.s.t.r.a.t.o.r.s. >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000166 sam_io_sam_str3 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000168 smb_io_unistr2 uni_grp_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0168 uni_max_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 016c offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0170 uni_str_len: 0000000c >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0174 buffer : D.o.m.a.i.n. .U.s.e.r.s. 
>[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00018c smb_io_unistr2 uni_grp_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 018c uni_max_len: 00000014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0190 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0194 uni_str_len: 00000014 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0198 buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .U.s.e.r.s. >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0001c0 sam_io_sam_str3 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0001c0 smb_io_unistr2 uni_grp_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01c0 uni_max_len: 0000000d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01c4 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01c8 uni_str_len: 0000000d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 01cc buffer : D.o.m.a.i.n. .G.u.e.s.t.s. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0001e6 smb_io_unistr2 uni_grp_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01e8 uni_max_len: 0000001b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01ec offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01f0 uni_str_len: 0000001b >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 01f4 buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .G.u.e.s.t.s. .U.s.e.r.s. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00022a sam_io_sam_str3 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00022c smb_io_unistr2 uni_grp_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 022c uni_max_len: 0000000f >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0230 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0234 uni_str_len: 0000000f >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0238 buffer : P.r.i.n.t. .O.p.e.r.a.t.o.r.s. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000256 smb_io_unistr2 uni_grp_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0258 uni_max_len: 0000001e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 025c offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0260 uni_str_len: 0000001e >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0264 buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .P.r.i.n.t. .O.p.e.r.a.t.o.r.s. >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0002a0 sam_io_sam_str3 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002a0 smb_io_unistr2 uni_grp_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02a0 uni_max_len: 00000010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02a4 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02a8 uni_str_len: 00000010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 02ac buffer : B.a.c.k.u.p. .O.p.e.r.a.t.o.r.s. 
>[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002cc smb_io_unistr2 uni_grp_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02cc uni_max_len: 00000040 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02d0 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 02d4 uni_str_len: 00000040 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 02d8 buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .M.e.m.b.e.r.s. .c.a.n. .b.y.p.a.s.s. .f.i.l.e. .s.e.c.u.r.i.t.y. .t.o. .b.a.c.k. .u.p. .f.i.l.e.s. >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000358 sam_io_sam_str3 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000358 smb_io_unistr2 uni_grp_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0358 uni_max_len: 0000000a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 035c offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0360 uni_str_len: 0000000a >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0364 buffer : R.e.p.l.i.c.a.t.o.r. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000378 smb_io_unistr2 uni_grp_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0378 uni_max_len: 0000003d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 037c offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0380 uni_str_len: 0000003d >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0384 buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .S.u.p.p.o.r.t.s. .f.i.l.e. .r.e.p.l.i.c.a.t.i.o.n. .i.n. .a. .s.a.m.b.a.D.o.m.a.i.n.N.a.m.e. 
>[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 0003fe sam_io_sam_str3 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000400 smb_io_unistr2 uni_grp_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0400 uni_max_len: 00000010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0404 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0408 uni_str_len: 00000010 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 040c buffer : D.o.m.a.i.n. .C.o.m.p.u.t.e.r.s. >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00042c smb_io_unistr2 uni_grp_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 042c uni_max_len: 00000021 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0430 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0434 uni_str_len: 00000021 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0438 buffer : N.e.t.B.I.O.S. .D.o.m.a.i.n. .C.o.m.p.u.t.e.r.s. .a.c.c.o.u.n.t.s. >[2005/05/12 14:30:47, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00047a sam_io_sam_str3 >[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00047c smb_io_unistr2 uni_grp_name >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 047c uni_max_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0480 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0484 uni_str_len: 00000009 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0488 buffer : E.n.g.i.n.e.e.r.s. 
>[2005/05/12 14:30:47, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00049a smb_io_unistr2 uni_grp_desc >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 049c uni_max_len: 00000011 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 04a0 offset : 00000000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 04a4 uni_str_len: 00000011 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 04a8 buffer : D.o.m.a.i.n. .U.n.i.x. .g.r.o.u.p. >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 04cc status: NT_STATUS_OK >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 1350 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 44 >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1024 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 1232. 
>[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 04e8 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000011 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 000004d0 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:47, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:47, 5] smbd/ipc.c:send_trans_reply(89) > send_trans_reply: buffer 1024 too large >[2005/05/12 14:30:47, 3] smbd/error.c:error_packet(147) > error packet at smbd/ipc.c(97) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2005/05/12 14:30:47, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..1024] >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > 
smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=16961 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 E8 04 00 00 11 00 00 ........ ........ > [010] 00 D0 04 00 00 00 00 00 00 00 01 00 00 00 80 00 ........ ........ > [020] 00 03 00 00 00 08 00 00 00 01 00 00 00 08 00 00 ........ ........ > [030] 00 01 00 00 00 00 02 00 00 07 00 00 00 1A 00 1A ........ ........ > [040] 00 01 00 00 00 3A 00 3A 00 01 00 00 00 02 00 00 .....:.: ........ > [050] 00 01 02 00 00 07 00 00 00 18 00 18 00 01 00 00 ........ ........ > [060] 00 28 00 28 00 01 00 00 00 03 00 00 00 02 02 00 .(.(.... ........ > [070] 00 07 00 00 00 1A 00 1A 00 01 00 00 00 36 00 36 ........ .....6.6 > [080] 00 01 00 00 00 04 00 00 00 26 02 00 00 07 00 00 ........ .&...... > [090] 00 1E 00 1E 00 01 00 00 00 3C 00 3C 00 01 00 00 ........ .<.<.... > [0A0] 00 05 00 00 00 27 02 00 00 07 00 00 00 20 00 20 .....'.. ..... . > [0B0] 00 01 00 00 00 80 00 80 00 01 00 00 00 06 00 00 ........ ........ > [0C0] 00 28 02 00 00 07 00 00 00 14 00 14 00 01 00 00 .(...... ........ > [0D0] 00 7A 00 7A 00 01 00 00 00 07 00 00 00 29 02 00 .z.z.... .....).. > [0E0] 00 07 00 00 00 20 00 20 00 01 00 00 00 42 00 42 ..... . .....B.B > [0F0] 00 01 00 00 00 08 00 00 00 B9 0B 00 00 07 00 00 ........ ........ > [100] 00 12 00 12 00 01 00 00 00 22 00 22 00 01 00 00 ........ .".".... > [110] 00 0D 00 00 00 00 00 00 00 0D 00 00 00 44 00 6F ........ .....D.o > [120] 00 6D 00 61 00 69 00 6E 00 20 00 41 00 64 00 6D .m.a.i.n . .A.d.m > [130] 00 69 00 6E 00 73 00 00 00 1D 00 00 00 00 00 00 .i.n.s.. ........ 
> [140] 00 1D 00 00 00 4E 00 65 00 74 00 42 00 49 00 4F .....N.e .t.B.I.O > [150] 00 53 00 20 00 44 00 6F 00 6D 00 61 00 69 00 6E .S. .D.o .m.a.i.n > [160] 00 20 00 41 00 64 00 6D 00 69 00 6E 00 69 00 73 . .A.d.m .i.n.i.s > [170] 00 74 00 72 00 61 00 74 00 6F 00 72 00 73 00 00 .t.r.a.t .o.r.s.. > [180] 00 0C 00 00 00 00 00 00 00 0C 00 00 00 44 00 6F ........ .....D.o > [190] 00 6D 00 61 00 69 00 6E 00 20 00 55 00 73 00 65 .m.a.i.n . .U.s.e > [1A0] 00 72 00 73 00 14 00 00 00 00 00 00 00 14 00 00 .r.s.... ........ > [1B0] 00 4E 00 65 00 74 00 62 00 69 00 6F 00 73 00 20 .N.e.t.b .i.o.s. > [1C0] 00 44 00 6F 00 6D 00 61 00 69 00 6E 00 20 00 55 .D.o.m.a .i.n. .U > [1D0] 00 73 00 65 00 72 00 73 00 0D 00 00 00 00 00 00 .s.e.r.s ........ > [1E0] 00 0D 00 00 00 44 00 6F 00 6D 00 61 00 69 00 6E .....D.o .m.a.i.n > [1F0] 00 20 00 47 00 75 00 65 00 73 00 74 00 73 00 00 . .G.u.e .s.t.s.. >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,1084) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,1084) wrote 1084 >[2005/05/12 14:30:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 59 >[2005/05/12 14:30:47, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x3b >[2005/05/12 14:30:47, 3] smbd/process.c:process_smb(1102) > Transaction 56 of length 63 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=17025 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28938 (0x710A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 232 (0xE8) > smb_vwv[ 6]= 232 (0xE8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 232 (0xE8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/05/12 14:30:47, 3] 
smbd/process.c:switch_message(893) > switch message SMBreadX (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:47, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:47, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 232 >[2005/05/12 14:30:47, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: samr: current_pdu_len = 1256, current_pdu_sent = 1024 returning 232 bytes. >[2005/05/12 14:30:47, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=710a min=232 max=232 nread=232 >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:47, 5] lib/util.c:show_msg(464) > size=291 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=17025 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 232 (0xE8) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=232 >[2005/05/12 14:30:47, 10] lib/util.c:dump_data(2013)
>[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(458) > write_socket(29,295) >[2005/05/12 14:30:47, 6] lib/util_sock.c:write_socket(461) > write_socket(29,295) wrote 295 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 136 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x88 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 57 of length 140 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17089 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=69 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 12 00 00 ........ .4...... 
> [020] 00 1C 00 00 00 00 00 22 00 00 00 00 00 0B 00 00 ......." ........ > [030] 00 00 00 00 00 F7 BC 83 42 F0 25 00 00 BF 01 06 ........ B.%..... > [040] 00 C6 0B 00 00 ..... >[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0034 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000012 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 >[2005/05/12 14:30:49, 10] 
rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000001c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0022 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPEN_USER >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[20].fn == 0x8154894 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_user >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000b >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f7 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 access_mask: 000601bf >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 user_rid : 00000bc6 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0B 00 00 00 00 00 00 00 F7 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_user: access check ((granted: 0x000d07fb; required: 0x00000200) >[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd04e4] >[2005/05/12 14:30:49, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x0002011b, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. >[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 2035b, current desired = 2011b >[2005/05/12 14:30:49, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2011b) granted. 
>[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_user: access GRANTED (requested: 0x0002011b, granted: 0x000f05ff) >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:49, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(sambaSID=S-1-5-21-726309263-4128913605-1168186429-3014)(objectclass=sambaSamAccount))], scope => [2] >[2005/05/12 14:30:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: vlendecke >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:49, 10] 
passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Volker Lendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\login.cmd, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was >[2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/05/12 14:30:49, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user vlendecke >[2005/05/12 14:30:49, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/05/12 14:30:49, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) > No cache entry, bad count = 0, bad time = 0 >[2005/05/12 
14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[5] [000] 00 00 00 00 0C 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_user >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd user_pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 1680 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 36 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000012 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17089 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 12 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 ........ ........ > [020] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 128 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x80 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 58 of length 132 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17153 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=61 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 13 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 0C 00 00 ........ ........ > [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 ........ B.%.. 
>[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 44 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000013 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000014 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0001 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[0].fn == 0x81535a8 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0C 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:49, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000013 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17153 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 13 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 164 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xa4 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 59 of length 168 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17217 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=97 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 14 00 00 ........ .P...... > [020] 00 38 00 00 00 00 00 40 00 78 BC 14 00 09 00 00 .8.....@ .x...... > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E > [040] 00 52 00 4C 00 49 00 4E 00 00 00 00 00 30 00 00 .R.L.I.N .....0.. 
> [050] 00 01 00 00 00 01 00 00 00 03 00 00 00 00 00 00 ........ ........ > [060] 00 . >[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=80 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 80 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 80 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2005/05/12 14:30:49, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0050 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000014 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 64, incoming data = 64 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000038 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0040 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x40 - unknown >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 23 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0020 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000014 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_rpc_hdr_fault fault >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0018 status : NT code 0x1c010002 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c reserved: 00000000 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 64 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: samr: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17217 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 14 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . 
>[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,92) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,92) wrote 92 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 152 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x98 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 60 of length 156 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17281 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=85 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 44 00 00 00 15 00 00 ........ .D...... > [020] 00 2C 00 00 00 00 00 3E 00 78 BC 14 00 09 00 00 .,.....> .x...... > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 ........ .\.\.M.E > [040] 00 52 00 4C 00 49 00 4E 00 00 00 00 00 02 00 00 .R.L.I.N ........ > [050] 00 30 00 00 00 .0... 
>[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=68 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 68 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 68 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0044 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000015 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 52, incoming data = 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000002c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 003e >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[47].fn == 0x81552b4 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_connect4 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr_srv_name: 0014bc78 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 uni_max_len: 00000009 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c uni_str_len: 00000009 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0010 buffer : \.\.M.E.R.L.I.N... >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 unk_0: 00000002 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 access_mask: 00000030 >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2205) > _samr_connect4: 2205 >[2005/05/12 14:30:49, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000030, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. 
>[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 30 >[2005/05/12 14:30:49, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (30) granted. >[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_connect4: access GRANTED (requested: 0x00000030, granted: 0x00000030) >[2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid (NULL) >[2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(246) > get_samr_info_by_sid: created new info for NULL sid. >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[5] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2237) > _samr_connect: 2237 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_connect4 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd connect_pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000d >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 974 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 52 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000015 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17281 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 15 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ > [020] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 136 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x88 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 61 of length 140 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17345 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=69 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 16 00 00 ........ .4...... > [020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 0D 00 00 ........ ........ > [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [040] 00 00 20 00 00 .. .. 
>[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0034 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000016 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000001c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0006 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[3].fn == 0x81555a9 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_enum_domains >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000d >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 start_idx: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 max_size : 00002000 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_enum_domains: access check ((granted: 0x00000030; required: 0x00000010) >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2292) > make_enum_domains >[2005/05/12 14:30:49, 10] rpc_parse/parse_samr.c:init_sam_entry(1291) > init_sam_entry: 0 >[2005/05/12 14:30:49, 10] rpc_parse/parse_samr.c:init_sam_entry(1291) > init_sam_entry: 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3109) > init_samr_r_enum_domains >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_enum_domains >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 next_idx : 00000002 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 ptr_entries1: 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_entries2: 00000002 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c ptr_entries2: 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 num_entries3: 00000002 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 sam_io_sam_entry dom[0] >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 rid: 00000000 >[2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_unihdr unihdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0018 uni_str_len: 0010 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 001a uni_max_len: 0010 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c buffer : 00000001 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 sam_io_sam_entry dom[1] >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 rid: 00000000 >[2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_unihdr unihdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 
uni_str_len: 000e >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 uni_max_len: 000e >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 buffer : 00000001 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00002c smb_io_unistr2 dom[0] >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 002c uni_max_len: 00000008 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 uni_str_len: 00000008 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0038 buffer : M.I.D.E.A.R.T.H. >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000048 smb_io_unistr2 dom[1] >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0048 uni_max_len: 00000007 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 004c offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0050 uni_str_len: 00000007 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0054 buffer : B.u.i.l.t.i.n. >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0064 num_entries4: 00000002 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0068 status: NT_STATUS_OK >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 90 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 36 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 108. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0084 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000016 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 0000006c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..132] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=188 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17345 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 132 (0x84) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) 
> smb_vwv[ 6]= 132 (0x84) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=133 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 84 00 00 00 16 00 00 ........ ........ > [010] 00 6C 00 00 00 00 00 00 00 02 00 00 00 01 00 00 .l...... ........ > [020] 00 02 00 00 00 01 00 00 00 02 00 00 00 00 00 00 ........ ........ > [030] 00 10 00 10 00 01 00 00 00 00 00 00 00 0E 00 0E ........ ........ > [040] 00 01 00 00 00 08 00 00 00 00 00 00 00 08 00 00 ........ ........ > [050] 00 4D 00 49 00 44 00 45 00 41 00 52 00 54 00 48 .M.I.D.E .A.R.T.H > [060] 00 07 00 00 00 00 00 00 00 07 00 00 00 42 00 75 ........ .....B.u > [070] 00 69 00 6C 00 74 00 69 00 6E 00 00 00 02 00 00 .i.l.t.i .n...... > [080] 00 00 00 00 00 ..... >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,192) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,192) wrote 192 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 164 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xa4 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 62 of length 168 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17409 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=97 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 
00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 17 00 00 ........ .P...... > [020] 00 38 00 00 00 00 00 05 00 00 00 00 00 0D 00 00 .8...... ........ > [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 10 00 10 ........ B.%..... > [040] 00 30 BE 14 00 08 00 00 00 00 00 00 00 08 00 00 .0...... ........ > [050] 00 4D 00 49 00 44 00 45 00 41 00 52 00 54 00 48 .M.I.D.E .A.R.T.H > [060] 00 . >[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=80 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 80 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 80 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 >[2005/05/12 14:30:49, 10] 
rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0050 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000017 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > 
write_to_pipe: data_left = 64 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 64, incoming data = 64 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000038 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0005 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[41].fn == 0x8155422 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_lookup_domain >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd connect_pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000d >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unihdr hdr_domain >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 uni_str_len: 0010 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) > 0016 uni_max_len: 0010 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 buffer : 0014be30 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 uni_domain >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c uni_max_len: 00000008 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 uni_str_len: 00000008 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0028 buffer : M.I.D.E.A.R.T.H. >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_lookup_domain: access check ((granted: 0x00000030; required: 0x00000020) >[2005/05/12 14:30:49, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2274) > Returning domain sid for domain MIDEARTH -> S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(138) > init_samr_r_lookup_domain >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_lookup_domain >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr: 00000001 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_dom_sid2 sid >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 num_auths: 00000004 >[2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_dom_sid sid >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0008 sid_rev_num: 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0009 num_auths : 04 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000a id_auth[0] : 00 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 000b id_auth[1] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000c id_auth[2] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000d id_auth[3] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000e id_auth[4] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 000f id_auth[5] : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0010 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0020 status: NT_STATUS_OK >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 64 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 003c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000017 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000024 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..60] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17409 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 17 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 04 00 00 .$...... ........ > [020] 00 01 04 00 00 00 00 00 05 15 00 00 00 8F 99 4A ........ .......J > [030] 2B C5 38 1A F6 3D 1C A1 45 00 00 00 00 +.8..=.. E.... >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,120) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,120) wrote 120 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 160 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xa0 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 63 of length 164 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17473 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=93 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 18 00 00 ........ .L...... > [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 .4...... ........ > [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 02 00 ........ B.%..... > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ 
........ > [050] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 ...J+.8. .=..E >[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 76 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 76 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:49, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 004c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000018 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000034 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[39].fn == 0x8153716 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000d >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 flags: 00000200 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_auths: 00000004 >[2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001c sid_rev_num: 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001d num_auths : 04 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 001e id_auth[0] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001f id_auth[1] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0020 id_auth[2] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0021 id_auth[3] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0022 id_auth[4] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0023 id_auth[5] : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) >[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd047a] >[2005/05/12 14:30:49, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000200, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. >[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 200 >[2005/05/12 14:30:49, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (200) granted. 
>[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_domain: access GRANTED (requested: 0x00000200, granted: 0x000d067a) >[2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[6] [000] 00 00 00 00 0E 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000e >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 60 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000018 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17473 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 18 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 ........ ........ > [020] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 148 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x94 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 64 of length 152 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17537 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=81 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 40 00 00 00 19 00 00 ........ .@...... > [020] 00 28 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 .(...... ........ > [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 80 02 00 ........ B.%..... > [040] 00 01 00 00 00 01 01 00 00 00 00 00 05 20 00 00 ........ ..... .. > [050] 00 . 
>[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=64 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 64 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 48 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 48 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0040 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000019 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 48 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 48, incoming data = 48 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000028 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0007 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[39].fn == 0x8153716 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000d >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 flags: 00000280 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_auths: 00000001 >[2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001c sid_rev_num: 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001d num_auths : 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 001e id_auth[0] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) 
> 001f id_auth[1] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0020 id_auth[2] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0021 id_auth[3] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0022 id_auth[4] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0023 id_auth[5] : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0024 sub_auths : 00000020 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) >[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd047a] >[2005/05/12 14:30:49, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000280, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. >[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 280 >[2005/05/12 14:30:49, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (280) granted. 
>[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_domain: access GRANTED (requested: 0x00000280, granted: 0x000d06fa) >[2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-32 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[7] [000] 00 00 00 00 0F 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000f >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 48 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 00000019 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17537 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 19 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 ........ ........ > [020] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 182 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xb6 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 65 of length 186 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=182 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17601 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 98 (0x62) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 98 (0x62) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=115 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 62 00 00 00 1A 00 00 ........ .b...... > [020] 00 4A 00 00 00 00 00 11 00 00 00 00 00 0E 00 00 .J...... ........ > [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 01 00 00 ........ B.%..... > [040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 12 00 14 ........ ........ 
> [050] 00 08 6F 32 00 0A 00 00 00 00 00 00 00 09 00 00 ..o2.... ........ > [060] 00 76 00 6C 00 65 00 6E 00 64 00 65 00 63 00 6B .v.l.e.n .d.e.c.k > [070] 00 65 00 .e. >[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=98 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 98 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 98 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 98 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 98, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 82 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 82 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0062 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 82 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 82, incoming data = 82 >[2005/05/12 14:30:49, 10] 
rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000004a >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0011 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[19].fn == 0x8154418 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_lookup_names >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000e >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 num_names1: 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 flags : 000003e8 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c ptr : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 num_names2: 00000001 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_unihdr 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 uni_str_len: 0012 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 uni_max_len: 0014 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 buffer : 00326f08 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00002c smb_io_unistr2 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 002c uni_max_len: 0000000a >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 uni_str_len: 00000009 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0038 buffer : v.l.e.n.d.e.c.k.e. >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1088) > _samr_lookup_names: 1088 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 0E 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_lookup_names: access check ((granted: 0x000d067a; required: 0000000000) >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1107) > _samr_lookup_names: looking name on SID S-1-5-21-726309263-4128913605-1168186429 >[2005/05/12 14:30:49, 10] passdb/util_sam_sid.c:map_name_to_wellknown_sid(289) > map_name_to_wellknown_sid: looking up vlendecke >[2005/05/12 14:30:49, 4] lib/username.c:map_username(132) > Scanning username map /etc/samba/smbusers >[2005/05/12 14:30:49, 10] lib/username.c:user_in_list(529) > user_in_list: checking user vlendecke in list >[2005/05/12 14:30:49, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |vlendecke| against |administrator| >[2005/05/12 14:30:49, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |vlendecke| against |admin| >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:49, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=vlendecke)(objectclass=sambaSamAccount))], scope => [2] >[2005/05/12 14:30:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: vlendecke >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: 
setting domain MIDEARTH, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Volker Lendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\login.cmd, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was >[2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > 
smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/05/12 14:30:49, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/05/12 14:30:49, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user vlendecke >[2005/05/12 14:30:49, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/05/12 14:30:49, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) > No cache entry, bad count = 0, bad time = 0 >[2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Volker Lendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\login.cmd, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/05/12 14:30:49, 10] 
lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 from rid 3014 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-513 from rid 513 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4691) > init_samr_r_lookup_names >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1151) > _samr_lookup_names: 1151 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_lookup_names >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 num_rids1: 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 ptr_rids : 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 num_rids2: 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c rid[00] : 00000bc6 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 num_types1: 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 ptr_types : 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 num_types2: 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c type[00] : 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0020 status: NT_STATUS_OK 
>[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 82 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 003c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001a >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000024 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..60] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17601 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 1A 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .$...... ........ > [020] 00 01 00 00 00 C6 0B 00 00 01 00 00 00 01 00 00 ........ ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... 
>[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,120) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,120) wrote 120 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 136 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x88 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 66 of length 140 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17665 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=69 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 1B 00 00 ........ .4...... > [020] 00 1C 00 00 00 00 00 22 00 00 00 00 00 0E 00 00 ......." ........ > [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 1B 01 02 ........ B.%..... > [040] 00 C6 0B 00 00 ..... 
>[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0034 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001b >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 0000001c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0022 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPEN_USER >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[20].fn == 0x8154894 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_user >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000e >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 access_mask: 0002011b >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 user_rid : 00000bc6 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 0E 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_open_user: access check ((granted: 0x000d067a; required: 0x00000200) >[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(153) > access_check_samr_object: user rights access mask [0xd04e4] >[2005/05/12 14:30:49, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x0002011b, for NT token with 6 entries and first sid S-1-5-21-726309263-4128913605-1168186429-3000. >[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(250) >[2005/05/12 14:30:49, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-3000 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-3001 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 2035b, current desired = 2011b >[2005/05/12 14:30:49, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2011b) granted. 
>[2005/05/12 14:30:49, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) > _samr_open_user: access GRANTED (requested: 0x0002011b, granted: 0x000f05ff) >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Volker Lendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\login.cmd, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was 
>[2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 from rid 3014 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-513 from rid 513 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[8] [000] 00 00 00 00 10 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_user >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd user_pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000010 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0014 status: NT_STATUS_OK >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 1682 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 36 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001b >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000018 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17665 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 1B 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 10 00 00 ........ ........ > [020] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 00 00 00 ........ B.%..... > [030] 00 . >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,108) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,108) wrote 108 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 130 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x82 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 67 of length 134 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17729 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=63 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 1C 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 24 00 00 00 00 00 10 00 00 .......$ ........ > [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 15 00 ........ B.%.... 
>[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 46 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 46 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002e >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001c >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 30 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000016 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0024 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x24 - api_rpcTNP: rpc command: SAMR_QUERY_USERINFO >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[21].fn == 0x8154a02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_query_userinfo >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000010 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 switch_value: 0015 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(1584) > _samr_query_userinfo: sid:S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Volker Lendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\login.cmd, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was 
>[2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 from rid 3014 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-513 from rid 513 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 3] rpc_server/srv_samr_nt.c:get_user_info_21(1550) > User:[vlendecke] >[2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_query_userinfo(6454) > init_samr_r_query_userinfo >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(1667) > _samr_query_userinfo: 1667 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_query_userinfo >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr: 00000001 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 samr_io_userinfo_ctr ctr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 switch_value: 0015 >[2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000008 sam_io_user_info21 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_time logon_time >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 low : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c high: 00000000 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 
000010 smb_io_time logoff_time >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 low : ffffffff >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 high: 7fffffff >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_time pass_last_set_time >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 low : c0049900 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c high: 01c556c5 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_time kickoff_time >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 low : ffffffff >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 high: 7fffffff >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000028 smb_io_time pass_can_change_time >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 low : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 002c high: 00000000 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000030 smb_io_time pass_must_change_time >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0030 low : 7a073100 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0034 high: 01c819f6 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000038 smb_io_unihdr hdr_user_name >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0038 uni_str_len: 0014 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 003a uni_max_len: 0014 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 003c buffer : 00000001 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000040 smb_io_unihdr hdr_full_name >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0040 uni_str_len: 0020 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0042 uni_max_len: 0020 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0044 buffer : 00000001 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000048 smb_io_unihdr hdr_home_dir >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0048 uni_str_len: 0026 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 004a uni_max_len: 0026 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 004c buffer : 00000001 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000050 smb_io_unihdr hdr_dir_drive >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0050 uni_str_len: 0006 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0052 uni_max_len: 0006 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0054 buffer : 00000001 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000058 smb_io_unihdr hdr_logon_script >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0058 uni_str_len: 0024 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 005a uni_max_len: 0024 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 005c buffer : 00000001 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000060 smb_io_unihdr hdr_profile_path >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0060 uni_str_len: 0038 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0062 uni_max_len: 0038 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0064 buffer : 00000001 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000068 smb_io_unihdr hdr_acct_desc >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0068 uni_str_len: 0016 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 006a uni_max_len: 0016 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 006c buffer : 00000001 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000070 smb_io_unihdr hdr_workstations 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0070 uni_str_len: 0002 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0072 uni_max_len: 0002 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0074 buffer : 00000001 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000078 smb_io_unihdr hdr_unknown_str >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0078 uni_str_len: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 007a uni_max_len: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 007c buffer : 00000000 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000080 smb_io_unihdr hdr_munged_dial >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0080 uni_str_len: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0082 uni_max_len: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0084 buffer : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0088 lm_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0098 nt_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00a8 user_rid : 00000bc6 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00ac group_rid : 00000201 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00b0 acb_info : 00000010 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00b4 fields_present : 00ffffff >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00b8 logon_divs : 00a8 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00bc ptr_logon_hrs : 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00c0 bad_password_count : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 00c2 logon_count : 
0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 00c4 padding1 : 00 00 00 00 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 00ca passmustchange : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 00cb padding2 : 00 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000cc smb_io_unistr2 uni_user_name >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00cc uni_max_len: 0000000a >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00d0 offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00d4 uni_str_len: 0000000a >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 00d8 buffer : v.l.e.n.d.e.c.k.e... >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0000ec smb_io_unistr2 uni_full_name >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00ec uni_max_len: 00000010 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00f0 offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 00f4 uni_str_len: 00000010 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 00f8 buffer : V.o.l.k.e.r. .L.e.n.d.e.c.k.e... >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000118 smb_io_unistr2 uni_home_dir >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0118 uni_max_len: 00000013 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 011c offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0120 uni_str_len: 00000013 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0124 buffer : \.\.M.E.R.L.I.N.\.v.l.e.n.d.e.c.k.e... 
>[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00014a smb_io_unistr2 uni_dir_drive >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 014c uni_max_len: 00000003 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0150 offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0154 uni_str_len: 00000003 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0158 buffer : H.:... >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00015e smb_io_unistr2 uni_logon_script >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0160 uni_max_len: 00000012 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0164 offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0168 uni_str_len: 00000012 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 016c buffer : s.c.r.i.p.t.s.\.l.o.g.i.n...c.m.d... >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000190 smb_io_unistr2 uni_profile_path >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0190 uni_max_len: 0000001c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0194 offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0198 uni_str_len: 0000001c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 019c buffer : \.\.M.E.R.L.I.N.\.p.r.o.f.i.l.e.s.\.v.l.e.n.d.e.c.k.e... >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0001d4 smb_io_unistr2 uni_acct_desc >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01d4 uni_max_len: 0000000b >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01d8 offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01dc uni_str_len: 0000000b >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 01e0 buffer : G.u.e.s.t. .U.s.e.r... 
>[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0001f6 smb_io_unistr2 uni_workstations >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01f8 uni_max_len: 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 01fc offset : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0200 uni_str_len: 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) > 0204 buffer : .. >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000206 smb_io_unistr2 - NULL uni_unknown_str >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000206 smb_io_unistr2 - NULL uni_munged_dial >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000206 sam_io_logon_hrs logon_hrs >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0208 maxlen: 000004ec >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 020c offset: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0210 len : 00000015 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 0214 hours: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 022c status: NT_STATUS_OK >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 1122 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 30 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 560. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0248 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 00000230 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..584] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=640 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17729 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 584 (0x248) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) 
> smb_vwv[ 6]= 584 (0x248) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=585 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013)
>[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,644) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,644) wrote 644 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 132 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x84 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 68 of length 136 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=132 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17793 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 48 (0x30) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=65 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 30 00 00 00 1D 00 00 ........ .0...... > [020] 00 18 00 00 00 00 00 03 00 00 00 00 00 10 00 00 ........ ........ 
> [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 04 00 00 ........ B.%..... > [040] 00 . >[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=48 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 48 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 48 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 48 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 48, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 32 >[2005/05/12 14:30:49, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 32 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0030 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001d >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 32 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 32, incoming data = 32 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000018 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0003 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x3 - api_rpcTNP: rpc command: SAMR_QUERY_SEC_OBJECT >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[42].fn == 0x8153b79 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_query_sec_obj >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd user_pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000010 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 sec_info: 00000004 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:_samr_query_sec_obj(476) > _samr_query_sec_obj: querying security on SID: S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 10] rpc_server/srv_samr_nt.c:_samr_query_sec_obj(503) > _samr_query_sec_obj: querying security on Object with SID: S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_query_sec_obj >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr: 00000001 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 sec_io_desc_buf sec >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 ptr : 00000001 >[2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 sec_io_desc sec >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0010 revision : 0001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0012 type : 8004 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 off_owner_sid: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 off_grp_sid : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c off_sacl : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 off_dacl : 00000014 >[2005/05/12 14:30:49, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000024 sec_io_acl dacl >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0024 revision: 0002 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 num_aces : 00000005 >[2005/05/12 14:30:49, 9] rpc_parse/parse_prs.c:prs_debug(82) > 00002c sec_io_ace ace_list[00]: >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 002c type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 002d flags: 00 >[2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) > 000030 sec_io_access info >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0030 mask: 0002035b >[2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) > 000034 smb_io_dom_sid trustee >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0034 sid_rev_num: 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0035 num_auths : 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0036 id_auth[0] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0037 id_auth[1] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0038 id_auth[2] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0039 id_auth[3] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003a id_auth[4] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 003b id_auth[5] : 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 003c sub_auths : 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 002e size : 0014 >[2005/05/12 14:30:49, 9] rpc_parse/parse_prs.c:prs_debug(82) > 000040 sec_io_ace ace_list[01]: >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0040 type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0041 flags: 00 >[2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) > 000044 sec_io_access info >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0044 mask: 000f07ff >[2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) > 000048 smb_io_dom_sid trustee >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0048 sid_rev_num: 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0049 num_auths : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 004a id_auth[0] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 004b id_auth[1] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 004c id_auth[2] : 00 >[2005/05/12 14:30:49, 
5] rpc_parse/parse_prs.c:prs_uint8(580) > 004d id_auth[3] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 004e id_auth[4] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 004f id_auth[5] : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0050 sub_auths : 00000020 00000220 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0042 size : 0018 >[2005/05/12 14:30:49, 9] rpc_parse/parse_prs.c:prs_debug(82) > 000058 sec_io_ace ace_list[02]: >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0058 type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0059 flags: 00 >[2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) > 00005c sec_io_access info >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 005c mask: 000f07ff >[2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) > 000060 smb_io_dom_sid trustee >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0060 sid_rev_num: 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0061 num_auths : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0062 id_auth[0] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0063 id_auth[1] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0064 id_auth[2] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0065 id_auth[3] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0066 id_auth[4] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0067 id_auth[5] : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0068 sub_auths : 00000020 00000224 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 005a size : 0018 >[2005/05/12 14:30:49, 9] rpc_parse/parse_prs.c:prs_debug(82) > 000070 sec_io_ace ace_list[03]: >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0070 type : 00 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0071 flags: 00 >[2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) > 000074 sec_io_access info >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0074 mask: 000f07ff >[2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) > 000078 smb_io_dom_sid trustee >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0078 sid_rev_num: 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0079 num_auths : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 007a id_auth[0] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 007b id_auth[1] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 007c id_auth[2] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 007d id_auth[3] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 007e id_auth[4] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 007f id_auth[5] : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0080 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d 00000200 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0072 size : 0024 >[2005/05/12 14:30:49, 9] rpc_parse/parse_prs.c:prs_debug(82) > 000094 sec_io_ace ace_list[04]: >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0094 type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0095 flags: 00 >[2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) > 000098 sec_io_access info >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0098 mask: 00020044 >[2005/05/12 14:30:49, 10] rpc_parse/parse_prs.c:prs_debug(82) > 00009c smb_io_dom_sid trustee >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 009c sid_rev_num: 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 009d num_auths : 05 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) > 009e id_auth[0] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 009f id_auth[1] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 00a0 id_auth[2] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 00a1 id_auth[3] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 00a2 id_auth[4] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 00a3 id_auth[5] : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 00a4 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d 00000bc6 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0096 size : 0024 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0026 size : 0094 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 max_len: 000000a8 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c len : 000000a8 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 00b8 status: NT_STATUS_OK >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 1804 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 32 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 188. 
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 00d4 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001d >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 000000bc >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..212] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17793 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 212 (0xD4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) 
> smb_vwv[ 6]= 212 (0xD4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=213 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013)
>[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,272) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,272) wrote 272 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 128 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0x80 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 69 of length 132 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17857 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=61 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 1E 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 27 00 00 00 00 00 10 00 00 .......' ........ > [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 ........ B.%.. 
>[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 44 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: 
pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 002c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001e >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000014 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0027 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x27 - api_rpcTNP: rpc command: SAMR_QUERY_USERGROUPS >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[25].fn == 0x8154b73 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_query_usergroups >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 00000010 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_query_usergroups(1704) > _samr_query_usergroups: 1704 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. 
>[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_query_usergroups: access check ((granted: 0x000f05ff; required: 0x00000100) >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Volker Lendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\MERLIN\vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\login.cmd, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\MERLIN\profiles\vlendecke, was >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations 
, was >[2005/05/12 14:30:49, 10] lib/account_pol.c:account_policy_get(202) > account_policy_get: password history:0 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 >[2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3014 from rid 3014 >[2005/05/12 14:30:49, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:49, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-513 from rid 513 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:49, 10] lib/system_smbd.c:sys_getgrouplist(116) > sys_getgrouplist: user [vlendecke] >[2005/05/12 14:30:49, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist(): disabled winbindd for group lookup [user == vlendecke] >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 
0) - sec_ctx_stack_ndx = 2 >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:49, 8] lib/util_getent.c:remove_duplicate_gids(330) > remove_duplicate_gids: Enter 2 gids >[2005/05/12 14:30:49, 8] lib/util_getent.c:remove_duplicate_gids(348) > remove_duplicate_gids: Exit 1 gids >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(233) > fetch sid from gid cache 513 -> S-1-5-21-726309263-4128913605-1168186429-513 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_query_usergroups(2963) > init_samr_r_query_usergroups >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:_samr_query_usergroups(1770) > _samr_query_usergroups: 1770 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_query_usergroups >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 ptr_0 : 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 num_entries : 00000001 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0008 ptr_1 : 00000001 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000c samr_io_gids gids >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c num_gids: 00000001 >[2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_gid gids >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 g_rid: 00000201 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 attr : 00000007 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) > 0018 status: NT_STATUS_OK >[2005/05/12 
14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) > api_rpcTNP: called samr successfully >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 8 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 710a name: samr len: 1256 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 28. >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 02 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0034 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001e >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0010 alloc_hint: 0000001c >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0014 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0016 
cancel_ct : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0017 reserved : 00 >[2005/05/12 14:30:49, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..52] >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=108 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17857 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 52 (0x34) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=53 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 05 00 02 03 10 00 00 00 34 00 00 00 1E 00 00 ........ .4...... > [010] 00 1C 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ > [020] 00 01 00 00 00 01 00 00 00 01 02 00 00 07 00 00 ........ ........ > [030] 00 00 00 00 00 ..... 
>[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(458) > write_socket(29,112) >[2005/05/12 14:30:49, 6] lib/util_sock.c:write_socket(461) > write_socket(29,112) wrote 112 >[2005/05/12 14:30:49, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) > got smb length of 212 >[2005/05/12 14:30:49, 6] smbd/process.c:process_smb(1101) > got message type 0x0 of len 0xd4 >[2005/05/12 14:30:49, 3] smbd/process.c:process_smb(1102) > Transaction 70 of length 216 >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(454) >[2005/05/12 14:30:49, 5] lib/util.c:show_msg(464) > size=212 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1776 > smb_uid=100 > smb_mid=17921 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 128 (0x80) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1256 (0x4E8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28938 (0x710A) > smb_bcc=145 >[2005/05/12 14:30:49, 10] lib/util.c:dump_data(2013) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 80 00 00 00 1F 00 00 ........ ........ > [020] 00 68 00 00 00 00 00 10 00 00 00 00 00 0F 00 00 .h...... ........ > [030] 00 00 00 00 00 F9 BC 83 42 F0 25 00 00 02 00 00 ........ B.%..... > [040] 00 88 6A 14 00 02 00 00 00 B0 CB 14 00 D8 CB 14 ..j..... ........ > [050] 00 05 00 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ > [060] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 C6 0B 00 ...J+.8. .=..E... > [070] 00 05 00 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ > [080] 00 8F 99 4A 2B C5 38 1A F6 3D 1C A1 45 01 02 00 ...J+.8. .=..E... > [090] 00 . 
>[2005/05/12 14:30:49, 3] smbd/process.c:switch_message(893) > switch message SMBtrans (pid 9712) conn 0x83b6eac >[2005/05/12 14:30:49, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/05/12 14:30:49, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=128 params=0 setup=2 >[2005/05/12 14:30:49, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/05/12 14:30:49, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/05/12 14:30:49, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=710a >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=710b (pipes_open=2) >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=710a (pipes_open=2) >[2005/05/12 14:30:49, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 710a) >[2005/05/12 14:30:49, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83b75e8 max_trans_reply: 1256 >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 710a name: samr open: Yes len: 128 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 128 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 112 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: 
Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0000 major : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0001 minor : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0002 pkt_type : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0003 flags : 03 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0004 pack_type0: 10 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0005 pack_type1: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0006 pack_type2: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0007 pack_type3: 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 frag_len : 0080 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a auth_len : 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 000c call_id : 0000001f >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 112 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 112, incoming data = 112 >[2005/05/12 14:30:49, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) > 0000 alloc_hint: 00000068 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0004 context_id: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0006 opnum : 0010 >[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) > Requested \PIPE\samr >[2005/05/12 14:30:49, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) > api_rpcTNP: samr op 0x10 - api_rpcTNP: rpc command: SAMR_QUERY_USERALIASES >[2005/05/12 14:30:49, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) > api_rpc_cmds[7].fn == 0x8155b72 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_query_useraliases >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 data1: 00000000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0004 data2: 0000000f >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 0008 data3: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint16(640) > 000a data4: 0000 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8s(756) > 000c data5: f9 bc 83 42 f0 25 00 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0014 num_sids1: 00000002 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0018 ptr : 00146a88 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 001c num_sids2: 00000002 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0020 ptr[00]: 0014cbb0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0024 ptr[01]: 0014cbd8 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000028 smb_io_dom_sid2 sid[00] >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0028 num_auths: 00000005 >[2005/05/12 14:30:49, 7] 
rpc_parse/parse_prs.c:prs_debug(82) > 00002c smb_io_dom_sid sid >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 002c sid_rev_num: 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 002d num_auths : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 002e id_auth[0] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 002f id_auth[1] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0030 id_auth[2] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0031 id_auth[3] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0032 id_auth[4] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0033 id_auth[5] : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0034 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d 00000bc6 >[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000048 smb_io_dom_sid2 sid[01] >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0048 num_auths: 00000005 >[2005/05/12 14:30:49, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00004c smb_io_dom_sid sid >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 004c sid_rev_num: 01 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 004d num_auths : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 004e id_auth[0] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 004f id_auth[1] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0050 id_auth[2] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0051 id_auth[3] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0052 id_auth[4] : 00 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint8(580) > 0053 id_auth[5] : 05 >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32s(896) > 0054 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d 00000201 >[2005/05/12 14:30:49, 5] 
rpc_server/srv_samr_nt.c:_samr_query_useraliases(2969) > _samr_query_useraliases: 2969 >[2005/05/12 14:30:49, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 0F 00 00 00 00 00 00 00 F9 BC 83 42 ........ .......B > [010] F0 25 00 00 .%.. >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_query_useraliases: access check ((granted: 0x000d06fa; required: 0x00000080) >[2005/05/12 14:30:49, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) > _samr_query_useraliases: access check ((granted: 0x000d06fa; required: 0x00000200) >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_nt_user_token(480) > NT user token: (NULL) >[2005/05/12 14:30:49, 5] auth/auth_util.c:debug_unix_user_token(501) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/05/12 14:30:49, 5] lib/smbldap.c:smbldap_search_ext(1042) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(|(objectclass=sambaGroupMapping)(objectclass=sambaIdmapEntry))(|(sambaSIDList=S-1-5-21-726309263-4128913605-1168186429-3014)(sambaSIDList=S-1-5-21-726309263-4128913605-1168186429-513)))], scope => [2] >[2005/05/12 14:30:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0 >[2005/05/12 14:30:49, 5] rpc_parse/parse_samr.c:init_samr_r_query_useraliases(3807) > init_samr_r_query_useraliases >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_query_useraliases >[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669) > 0000 num_entries: 00000000 >[2005/05/12 14:30:49, 5] 
rpc_parse/parse_prs.c:prs_uint32(669)
> 0004 ptr : 00000001
>[2005/05/12 14:30:49, 6] rpc_parse/parse_prs.c:prs_debug(82)
> 000008 samr_io_rids rids
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_uint32(669)
> 0008 num_rids: 00000000
>[2005/05/12 14:30:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(699)
> 000c status: NT_STATUS_OK
>[2005/05/12 14:30:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580)
> api_rpcTNP: called samr successfully
>[2005/05/12 14:30:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543)
>[2005/05/12 14:30:49, 0] lib/fault.c:fault_report(36)
> ===============================================================
>[2005/05/12 14:30:49, 0] lib/fault.c:fault_report(37)
> INTERNAL ERROR: Signal 6 in pid 9712 (3.0.15pre3-SVN-build-UNKNOWN-PS-SuSE)
> Please read the appendix Bugs of the Samba HOWTO collection
>[2005/05/12 14:30:49, 0] lib/fault.c:fault_report(39)
> ===============================================================
>[2005/05/12 14:30:49, 0] lib/util.c:smb_panic2(1498)
> smb_panic(): calling panic action [/bin/sleep 90000]