[2005/10/03 13:56:26, 4] nsswitch/winbindd_dual.c:fork_domain_child(527) child daemon request 43 [2005/10/03 13:56:26, 10] nsswitch/winbindd_dual.c:child_process_request(403) process_request: request fn INIT_CONNECTION [2005/10/03 13:56:26, 8] nsswitch/winbindd_cm.c:connection_ok(806) Connection to for domain CORP has NULL cli! [2005/10/03 13:56:26, 4] passdb/secrets.c:secrets_fetch_trust_account_password(281) Using cleartext machine password [2005/10/03 13:56:26, 8] libsmb/namequery.c:get_sorted_dc_list(1433) get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] [2005/10/03 13:56:26, 10] libsmb/namequery.c:internal_resolve_name(1028) internal_resolve_name: looking up CORP#1c [2005/10/03 13:56:26, 10] lib/gencache.c:gencache_get(263) Returning expired cache entry: key = NBT/CORP#1C, value = 10.100.1.24:0, timeout = Fri Sep 30 12:04:17 2005 [2005/10/03 13:56:26, 5] libsmb/namecache.c:namecache_fetch(195) no entry for CORP#1C found. [2005/10/03 13:56:26, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/CORP#1C) [2005/10/03 13:56:26, 3] libsmb/namequery.c:resolve_lmhosts(855) resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1c> [2005/10/03 13:56:26, 4] libsmb/namequery.c:getlmhostsent(606) getlmhostsent: lmhost entry: 127.0.0.1 localhost [2005/10/03 13:56:26, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name CORP<0x1c> [2005/10/03 13:56:26, 3] libsmb/namequery.c:resolve_wins(755) resolve_wins: WINS server resolution selected and no WINS servers listed. 
[2005/10/03 13:56:26, 5] libsmb/namequery.c:resolve_hosts(910) resolve_hosts: not appropriate for name type <0x1c> [2005/10/03 13:56:26, 3] libsmb/namequery.c:name_resolve_bcast(694) name_resolve_bcast: Attempting broadcast lookup for name CORP<0x1c> [2005/10/03 13:56:26, 10] lib/util_sock.c:open_socket_in(832) bind succeeded on port 0 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option SO_KEEPALIVE = 0 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option SO_REUSEADDR = 1 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option SO_BROADCAST = 1 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(201) Could not test socket option TCP_NODELAY. [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(201) Could not test socket option TCP_KEEPCNT. [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(201) Could not test socket option TCP_KEEPIDLE. [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(201) Could not test socket option TCP_KEEPINTVL. 
[2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option IPTOS_LOWDELAY = 0 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option IPTOS_THROUGHPUT = 0 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDBUF = 113664 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVBUF = 113664 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDLOWAT = 1 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVLOWAT = 1 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDTIMEO = 0 [2005/10/03 13:56:26, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVTIMEO = 0 [2005/10/03 13:56:26, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 50 to (10.100.1.255) on port 137 [2005/10/03 13:56:26, 10] lib/util_sock.c:read_udp_socket(286) read_udp_socket: lastip 10.100.1.24 lastport 137 read: 62 [2005/10/03 13:56:26, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 31301 [2005/10/03 13:56:26, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 62 from (10.100.1.24) port 137 [2005/10/03 13:56:26, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 10.100.1.24(137) header: id=31301 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=CORP<1c> rr_type=32 rr_class=1 ttl=300000 answers 0 char ...d.. 
hex 80000A640118 [2005/10/03 13:56:26, 2] libsmb/namequery.c:name_query(492) Got a positive name query response from 10.100.1.24 ( 10.100.1.24 ) [2005/10/03 13:56:26, 10] libsmb/namequery.c:remove_duplicate_addrs2(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2005/10/03 13:56:26, 5] libsmb/namecache.c:namecache_store(131) namecache_store: storing 1 address for CORP#1c: 10.100.1.24:0 [2005/10/03 13:56:26, 10] lib/gencache.c:gencache_set(127) Adding cache entry with key = NBT/CORP#1C; value = 10.100.1.24:0 and timeout = Mon Oct 3 14:07:26 2005 (660 seconds ahead) [2005/10/03 13:56:26, 10] libsmb/namequery.c:internal_resolve_name(1145) internal_resolve_name: returning 1 addresses: 10.100.1.24:0 [2005/10/03 13:56:26, 8] libsmb/namequery.c:get_dc_list(1316) Adding 1 DC's from auto lookup [2005/10/03 13:56:26, 10] libsmb/namequery.c:remove_duplicate_addrs2(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2005/10/03 13:56:26, 4] libsmb/namequery.c:get_dc_list(1406) get_dc_list: returning 1 ip addresses in an unordered list [2005/10/03 13:56:26, 4] libsmb/namequery.c:get_dc_list(1407) get_dc_list: 10.100.1.24:0 [2005/10/03 13:56:26, 3] libsmb/clidgram.c:cli_send_mailslot(43) No nmbd found [2005/10/03 13:56:26, 5] nsswitch/winbindd_cm.c:receive_getdc_response(482) Did not receive packet for \MAILSLOT\NET\GETDC1801640A [2005/10/03 13:56:27, 5] nsswitch/winbindd_cm.c:receive_getdc_response(482) Did not receive packet for \MAILSLOT\NET\GETDC1801640A [2005/10/03 13:56:27, 5] nsswitch/winbindd_cm.c:receive_getdc_response(482) Did not receive packet for \MAILSLOT\NET\GETDC1801640A [2005/10/03 13:56:28, 5] nsswitch/winbindd_cm.c:receive_getdc_response(482) Did not receive packet for \MAILSLOT\NET\GETDC1801640A [2005/10/03 13:56:28, 5] nsswitch/winbindd_cm.c:receive_getdc_response(482) Did not receive packet for \MAILSLOT\NET\GETDC1801640A [2005/10/03 13:56:29, 10] libsmb/namequery.c:name_status_find(188) name_status_find: looking up 
CORP#1c at 10.100.1.24 [2005/10/03 13:56:29, 10] lib/gencache.c:gencache_get(285) Cache entry with key = NBT/CORP#1C.20.10.100.1.24 couldn't be found [2005/10/03 13:56:29, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/CORP#1C.20.10.100.1.24 found. [2005/10/03 13:56:29, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/CORP#1C.20.10.100.1.24) [2005/10/03 13:56:29, 10] lib/util_sock.c:open_socket_in(832) bind succeeded on port 0 [2005/10/03 13:56:29, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 50 to (10.100.1.24) on port 137 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_udp_socket(286) read_udp_socket: lastip 10.100.1.24 lastport 137 read: 265 [2005/10/03 13:56:29, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 32432 [2005/10/03 13:56:29, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 265 from (10.100.1.24) port 137 [2005/10/03 13:56:29, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 10.100.1.24(137) header: id=32432 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=CORP<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .SRV2 hex 08535256322020202020202020202020 answers 10 char ...CORP hex 000400434F5250202020202020202020 answers 20 char ...CORP hex 20201C8400434F525020202020202020 answers 30 char ...SRV2 hex 20202020008400535256322020202020 answers 40 char ..CORP hex 202020202020200400434F5250202020 answers 50 char ...CORP hex 20202020202020201B0400434F525020 answers 60 char ...COR hex 202020202020202020201E8400434F52 answers 70 char P .... hex 5020202020202020202020201D040001 answers 80 char .__MSBROWSE__... hex 025F5F4D5342524F5753455F5F020184 answers 90 char ....K|i......... hex 0000C09F4B7C69000000000000000000 answers a0 char ................ hex 00000000000000000000000000000000 answers b0 char ............... 
hex 000000000000000000000000000000 [2005/10/03 13:56:29, 10] libsmb/namequery.c:parse_node_status(70) SRV2#00: flags = 0x04 [2005/10/03 13:56:29, 10] libsmb/namequery.c:parse_node_status(70) CORP#1c: flags = 0x84 [2005/10/03 13:56:29, 10] libsmb/namequery.c:parse_node_status(70) CORP#00: flags = 0x84 [2005/10/03 13:56:29, 10] libsmb/namequery.c:parse_node_status(70) SRV2#20: flags = 0x04 [2005/10/03 13:56:29, 10] libsmb/namequery.c:parse_node_status(70) CORP#1b: flags = 0x04 [2005/10/03 13:56:29, 10] libsmb/namequery.c:parse_node_status(70) CORP#1e: flags = 0x84 [2005/10/03 13:56:29, 10] libsmb/namequery.c:parse_node_status(70) CORP#1d: flags = 0x04 [2005/10/03 13:56:29, 10] libsmb/namequery.c:parse_node_status(70) __MSBROWSE__#01: flags = 0x84 [2005/10/03 13:56:29, 10] libsmb/namequery.c:name_status_find(227) name_status_find: name found, name SRV2 ip address is 10.100.1.24 [2005/10/03 13:56:29, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(105) cm_get_ipc_userpass: No auth-user defined [2005/10/03 13:56:29, 10] passdb/secrets.c:secrets_named_mutex(759) secrets_named_mutex: got mutex for SRV2 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,183) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,183) wrote 183 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 180 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=180 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55297 smb_tid=0 smb_pid=2470 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=45696 (0xB280) smb_vwv[12]=56231 (0xDBA7) smb_vwv[13]=23799 (0x5CF7) smb_vwv[14]=50632 (0xC5C8) 
smb_vwv[15]=41985 (0xA401) smb_vwv[16]= 1 (0x1) smb_bcc=111 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] AE 2F 6C 69 9C 82 D8 4F 8A 6E F1 47 75 26 32 17 ./li...O .n.Gu&2. [010] 60 5D 06 06 2B 06 01 05 05 02 A0 53 30 51 A0 30 `]..+... ...S0Q.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 1D 30 1B A0 19 1B 17 73 72 76 32 24 40 43 4F ..0..... srv2$@CO [060] 52 50 2E 43 45 4E 54 45 52 49 53 2E 43 4F 4D RP.CENTE RIS.COM [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=180 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55297 smb_tid=0 smb_pid=2470 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=45696 (0xB280) smb_vwv[12]=56231 (0xDBA7) smb_vwv[13]=23799 (0x5CF7) smb_vwv[14]=50632 (0xC5C8) smb_vwv[15]=41985 (0xA401) smb_vwv[16]= 1 (0x1) smb_bcc=111 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] AE 2F 6C 69 9C 82 D8 4F 8A 6E F1 47 75 26 32 17 ./li...O .n.Gu&2. [010] 60 5D 06 06 2B 06 01 05 05 02 A0 53 30 51 A0 30 `]..+... ...S0Q.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 1D 30 1B A0 19 1B 17 73 72 76 32 24 40 43 4F ..0..... 
srv2$@CO [060] 52 50 2E 43 45 4E 54 45 52 49 53 2E 43 4F 4D RP.CENTE RIS.COM [2005/10/03 13:56:29, 4] lib/time.c:get_serverzone(125) Serverzone is 25200 [2005/10/03 13:56:29, 5] nsswitch/winbindd_cm.c:cm_prepare_connection(270) connecting to SRV2 from ARKADYLIN with kerberos principal [ARKADYLIN$@CORP.CENTERIS.COM] [2005/10/03 13:56:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(709) Doing spnego session setup (blob length=111) [2005/10/03 13:56:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(734) got OID=1 2 840 48018 1 2 2 [2005/10/03 13:56:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(734) got OID=1 2 840 113554 1 2 2 [2005/10/03 13:56:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(734) got OID=1 2 840 113554 1 2 2 3 [2005/10/03 13:56:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(734) got OID=1 3 6 1 4 1 311 2 2 10 [2005/10/03 13:56:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(743) got principal=srv2$@CORP.CENTERIS.COM [2005/10/03 13:56:29, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(532) Doing kerberos session setup [2005/10/03 13:56:29, 4] libsmb/clikrb5.c:ads_krb5_mk_req(400) ads_krb5_mk_req: Advancing clock by 18 seconds to cope with clock skew [2005/10/03 13:56:29, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(321) Ticket in ccache[MEMORY:cliconnect] expiration Mon, 03 Oct 2005 23:56:47 GMT [2005/10/03 13:56:29, 10] libsmb/clikrb5.c:ads_krb5_mk_req(411) ads_krb5_mk_req: Ticket (srv2$@CORP.CENTERIS.COM) in ccache (MEMORY:cliconnect) is valid until: (Mon, 03 Oct 2005 23:56:47 GMT - 1128409007) [2005/10/03 13:56:29, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(512) Got KRB5 session key of length 16 [2005/10/03 13:56:29, 5] libsmb/smb_signing.c:set_smb_signing_real_common(128) Mandatory SMB signing enabled! [2005/10/03 13:56:29, 5] libsmb/smb_signing.c:set_smb_signing_real_common(132) SMB signing enabled! 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_simple_set_signing(477) cli_simple_set_signing: user_session_key [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 6E 62 7D EF 69 98 AA 0E 35 B9 9A EF 61 D2 92 FD nb}.i... 5...a... [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_simple_set_signing(485) cli_simple_set_signing: NULL response_data [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 0 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] F5 78 85 F4 53 FB 01 37 .x..S..7 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 1 mid = 2 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,1262) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,1262) wrote 1262 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 197 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=197 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=0 smb_pid=2470 smb_uid=2048 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 197 (0xC5) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=154 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H [010] 82 F7 12 01 02 02 A2 02 04 00 88 57 00 69 00 6E ........ ...W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. 
.1 ...W.i.n [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 1 mid = 2 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 1 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 1: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 2B 35 8C 9B 72 6A 74 C2 +5..rjt. [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=197 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=0 smb_pid=2470 smb_uid=2048 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 197 (0xC5) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=154 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H [010] 82 F7 12 01 02 02 A2 02 04 00 88 57 00 69 00 6E ........ ...W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 2 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 87 60 84 08 82 74 A6 7A .`...t.z [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 3 mid = 3 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,76) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,76) wrote 76 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 48 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 49 50 43 00 00 00 00 IPC.... 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 3 mid = 3 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 3 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 3: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 11 9B C7 87 3F 90 5E 76 ....?.^v [2005/10/03 13:56:29, 10] passdb/secrets.c:secrets_named_mutex_release(771) secrets_named_mutex: released mutex for SRV2 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 4 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] CD 50 C7 21 70 68 D7 60 .P.!ph.` [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 5 mid = 4 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,104) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,104) wrote 104 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 103 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 768 (0x300) smb_vwv[ 3]= 384 (0x180) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) 
smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 5 mid = 4 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 5 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 5: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 07 32 C3 BD 74 C4 EE E9 .2..t... [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1343) Bind RPC Pipe[8003]: \PIPE\lsarpc [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:valid_pipe_name(1237) Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... [010] 00 00 00 00 .... [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:valid_pipe_name(1240) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 
[2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0010 max_tsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0012 max_rsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 assoc_gid: 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_contexts: 01 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c context_id : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e num_transfer_syntaxes: 01 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 3919286a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 
data : b10c [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : 11d0 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : 9b a8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 00 c0 4f d9 2e f5 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000000 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 data : 8a885d04 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0038 data : 1ceb [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003a data : 11c9 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003c data : 9f e8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003e data : 08 00 2b 10 48 60 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 version: 00000002 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8003 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32771 (0x8003) smb_bcc=87 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ 
.......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 6 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] C4 BE F2 8F CC 3A A5 35 .....:.5 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 7 mid = 5 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,158) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,158) wrote 158 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 7 mid = 5 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 124 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 15 5A 08 00 0C 00 5C 50 49 50 45 ......Z. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ 
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 7 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 7: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 11 1B EB 88 35 F0 C9 76 ....5..v [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 15 5A 08 00 0C 00 5C 50 49 50 45 ......Z. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 68 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 68 [2005/10/03 13:56:29, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1419) rpc_pipe_bind: rpc_api_pipe returned OK. 
[2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0010 max_tsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0012 max_rsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 assoc_gid: 00085a15 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0018 len: 000c [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a str: \PIPE\lsass. [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0028 num_results: 01 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002c result : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002e reason : 0000 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 data : 8a885d04 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0034 data : 1ceb [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0036 data : 11c9 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0038 data : 9f e8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003a data : 08 00 2b 10 48 60 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 version: 00000002 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:check_bind_response(1293) bind_rpc_pipe: accepted! 
[2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 ds_io_q_getprimdominfo [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 level: 0001 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0x0 data_len: 0x1a [2005/10/03 13:56:29, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 1a auth_len: 0 alloc_hint: a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 001a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 0000000a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 0000 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8003 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 
smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32771 (0x8003) smb_bcc=41 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 0A ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 8 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 3D 4C 56 7D 4C 6F 81 A9 =LV}Lo.. 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 9 mid = 6 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,112) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,112) wrote 112 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 9 mid = 6 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 248 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=248 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 192 (0xC0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 192 (0xC0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=193 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 1A 05 00 02 03 10 00 00 00 C0 00 00 00 02 00 00 ........ ........ [010] 00 A8 00 00 00 00 00 00 00 00 00 02 00 01 00 45 ........ .......E [020] 5C 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 \....... ........ [030] 00 0C 00 02 00 BD 18 DF 19 F4 F2 3A 45 82 FD 63 ........ ...:E..c [040] B0 2C 89 6A E1 05 00 00 00 00 00 00 00 05 00 00 .,.j.... ........ [050] 00 43 00 4F 00 52 00 50 00 00 00 00 00 12 00 00 .C.O.R.P ........ [060] 00 00 00 00 00 12 00 00 00 63 00 6F 00 72 00 70 ........ .c.o.r.p [070] 00 2E 00 63 00 65 00 6E 00 74 00 65 00 72 00 69 ...c.e.n .t.e.r.i [080] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 12 00 00 .s...c.o .m...... [090] 00 00 00 00 00 12 00 00 00 63 00 6F 00 72 00 70 ........ 
.c.o.r.p [0A0] 00 2E 00 63 00 65 00 6E 00 74 00 65 00 72 00 69 ...c.e.n .t.e.r.i [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 00 .s...c.o .m...... [0C0] 00 . [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 9 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 9: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 99 09 1A 79 4D 9F FB 7C ...yM..| [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=248 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 192 (0xC0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 192 (0xC0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=193 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 1A 05 00 02 03 10 00 00 00 C0 00 00 00 02 00 00 ........ ........ [010] 00 A8 00 00 00 00 00 00 00 00 00 02 00 01 00 45 ........ .......E [020] 5C 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 \....... ........ [030] 00 0C 00 02 00 BD 18 DF 19 F4 F2 3A 45 82 FD 63 ........ ...:E..c [040] B0 2C 89 6A E1 05 00 00 00 00 00 00 00 05 00 00 .,.j.... ........ [050] 00 43 00 4F 00 52 00 50 00 00 00 00 00 12 00 00 .C.O.R.P ........ [060] 00 00 00 00 00 12 00 00 00 63 00 6F 00 72 00 70 ........ .c.o.r.p [070] 00 2E 00 63 00 65 00 6E 00 74 00 65 00 72 00 69 ...c.e.n .t.e.r.i [080] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 12 00 00 .s...c.o .m...... [090] 00 00 00 00 00 12 00 00 00 63 00 6F 00 72 00 70 ........ .c.o.r.p [0A0] 00 2E 00 63 00 65 00 6E 00 74 00 65 00 72 00 69 ...c.e.n .t.e.r.i [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 00 .s...c.o .m...... [0C0] 00 . 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 192 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 00c0 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 000000a8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 192 [2005/10/03 13:56:29, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
ds_io_r_getprimdominfo [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 ptr: 00020000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c level: 0001 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001e unknown0: 5c45 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0020 machine_role: 0005 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0022 unknown: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 flags: 01000001 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 netbios_ptr: 00020004 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c dnsname_ptr: 00020008 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 forestname_ptr: 0002000c [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid domain_guid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 data : 19df18bd [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0038 data : f2f4 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003a data : 453a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003c data : 82 fd [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003e data : 63 b0 2c 89 6a e1 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000044 smb_io_unistr2 netbios_domain [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 uni_max_len: 00000005 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0048 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c uni_str_len: 00000005 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0050 buffer : C.O.R.P... 
[2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 00005c smb_io_unistr2 dns_domain [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 005c uni_max_len: 00000012 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0060 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 uni_str_len: 00000012 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0068 buffer : c.o.r.p...c.e.n.t.e.r.i.s...c.o.m... [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 00008c smb_io_unistr2 forest_domain [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 008c uni_max_len: 00000012 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0090 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0094 uni_str_len: 00000012 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0098 buffer : c.o.r.p...c.e.n.t.e.r.i.s...c.o.m... [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 00bc status: NT_STATUS_OK [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 10 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] AA 6F C0 39 3A FA 2C 78 .o.9:.,x [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 11 mid = 7 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,45) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,45) wrote 45 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 35 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 
smb_uid=2048 smb_mid=7 smt_wct=0 smb_bcc=0 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 11 mid = 7 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 11 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 11: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] F1 FF 3F 88 02 6D 0E 4C ..?..m.L [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 12 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] EB 73 4D DA 54 A9 0E 71 .sM.T..q [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 13 mid = 8 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,104) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,104) wrote 104 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 103 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 3328 (0xD00) smb_vwv[ 3]= 384 (0x180) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) 
smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 13 mid = 8 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 13 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 13: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] EA 70 3D 18 5F E1 2B 8A .p=._.+. [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1343) Bind RPC Pipe[800d]: \PIPE\lsarpc [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:valid_pipe_name(1237) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:valid_pipe_name(1240) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 
[2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0010 max_tsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0012 max_rsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 assoc_gid: 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_contexts: 01 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c context_id : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e num_transfer_syntaxes: 01 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 12345778 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 
data : 1234 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : abcd [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : ef 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 01 23 45 67 89 ab [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000000 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 data : 8a885d04 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0038 data : 1ceb [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003a data : 11c9 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003c data : 9f e8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003e data : 08 00 2b 10 48 60 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 version: 00000002 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:800d [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32781 (0x800D) smb_bcc=87 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ 
.......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 14 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] EB 21 A1 AC 88 54 21 E5 .!...T!. [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 15 mid = 9 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,158) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,158) wrote 158 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 15 mid = 9 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 124 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... [010] 00 B8 10 B8 10 16 5A 08 00 0C 00 5C 50 49 50 45 ......Z. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ 
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 15 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 15: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 87 0D 7A B0 5E D4 60 F1 ..z.^.`. [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... [010] 00 B8 10 B8 10 16 5A 08 00 0C 00 5C 50 49 50 45 ......Z. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 68 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 68 [2005/10/03 13:56:29, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1419) rpc_pipe_bind: rpc_api_pipe returned OK. 
[2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0010 max_tsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0012 max_rsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 assoc_gid: 00085a16 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0018 len: 000c [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a str: \PIPE\lsass. [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0028 num_results: 01 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002c result : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002e reason : 0000 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 data : 8a885d04 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0034 data : 1ceb [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0036 data : 11c9 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0038 data : 9f e8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003a data : 08 00 2b 10 48 60 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 version: 00000002 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:check_bind_response(1293) bind_rpc_pipe: accepted! 
[2005/10/03 13:56:29, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(142) init_lsa_sec_qos [2005/10/03 13:56:29, 5] rpc_parse/parse_lsa.c:init_q_open_pol2(325) init_q_open_pol2: attr:0 da:33554432 [2005/10/03 13:56:29, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(193) init_lsa_obj_attr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol2 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr : 00000001 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000001 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000001 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : .. [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000012 lsa_io_obj_attr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 len : 00000018 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 ptr_root_dir: 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c ptr_obj_name: 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 attributes : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 ptr_sec_desc: 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 ptr_sec_qos : 00000001 [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002c lsa_io_obj_qos sec_qos [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c len : 0000000c [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0030 sec_imp_level : 0002 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0032 sec_ctxt_mode : 01 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0033 effective_only: 00 [2005/10/03 13:56:29, 3] 
rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 des_access: 02000000 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0x2c data_len: 0x50 [2005/10/03 13:56:29, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 50 auth_len: 0 alloc_hint: 40 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0050 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000040 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 002c [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:800d [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 
smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32781 (0x800D) smb_bcc=95 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 50 00 00 00 04 00 00 00 40 .......P .......@ [020] 00 00 00 00 00 2C 00 01 00 00 00 01 00 00 00 00 .....,.. ........ [030] 00 00 00 01 00 00 00 00 00 00 00 18 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ........ ........ [050] 00 00 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 16 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 0B 36 DA 92 86 BE CA 34 .6.....4 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 17 mid = 10 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,166) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,166) wrote 166 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 17 mid = 10 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 104 
[2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 50 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 P....... .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 A9 BD CA ........ ........ [020] FA 65 F4 41 4D 9E 76 91 5A DA 3A 2A 4A 00 00 00 .e.AM.v. Z.:*J... [030] 00 . [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 17 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 17: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 85 86 43 66 DA 45 B3 73 ..Cf.E.s [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 50 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 P....... .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 A9 BD CA ........ ........ [020] FA 65 F4 41 4D 9E 76 91 5A DA 3A 2A 4A 00 00 00 .e.AM.v. Z.:*J... [030] 00 . 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 48 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 48 [2005/10/03 13:56:29, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
lsa_io_r_open_pol2 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_pol_hnd [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 data1: 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c data2: facabda9 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0020 data3: f465 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0022 data4: 4d41 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0024 data5: 9e 76 91 5a da 3a 2a 4a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 002c status: NT_STATUS_OK [2005/10/03 13:56:29, 5] rpc_parse/parse_lsa.c:init_q_query2(2231) init_q_query2 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query_info2 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: facabda9 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: f465 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 4d41 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 9e 76 91 5a da 3a 2a 4a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 info_class: 000c [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0x2e data_len: 0x2e [2005/10/03 13:56:29, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 2e auth_len: 0 alloc_hint: 1e [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 13:56:29, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 0000001e [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 002e [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:800d [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32781 (0x800D) smb_bcc=61 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 1E ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 A9 BD CA FA 65 ........ 
.......e [030] F4 41 4D 9E 76 91 5A DA 3A 2A 4A 0C 00 .AM.v.Z. :*J.. [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 18 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 23 89 BA 67 96 B9 DA 24 #..g...$ [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 19 mid = 11 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,132) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,132) wrote 132 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 19 mid = 11 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 280 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=280 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 224 (0xE0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 224 (0xE0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=225 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 2E 05 00 02 03 10 00 00 00 E0 00 00 00 05 00 00 ........ ........ [010] 00 C8 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ [020] 00 08 00 0A 00 04 00 02 00 22 00 24 00 08 00 02 ........ .".$.... [030] 00 22 00 24 00 0C 00 02 00 BD 18 DF 19 F4 F2 3A .".$.... 
.......: [040] 45 82 FD 63 B0 2C 89 6A E1 10 00 02 00 05 00 00 E..c.,.j ........ [050] 00 00 00 00 00 04 00 00 00 43 00 4F 00 52 00 50 ........ .C.O.R.P [060] 00 12 00 00 00 00 00 00 00 11 00 00 00 63 00 6F ........ .....c.o [070] 00 72 00 70 00 2E 00 63 00 65 00 6E 00 74 00 65 .r.p...c .e.n.t.e [080] 00 72 00 69 00 73 00 2E 00 63 00 6F 00 6D 00 00 .r.i.s.. .c.o.m.. [090] 00 12 00 00 00 00 00 00 00 11 00 00 00 63 00 6F ........ .....c.o [0A0] 00 72 00 70 00 2E 00 63 00 65 00 6E 00 74 00 65 .r.p...c .e.n.t.e [0B0] 00 72 00 69 00 73 00 2E 00 63 00 6F 00 6D 00 00 .r.i.s.. .c.o.m.. [0C0] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [0D0] 00 06 6A EB 18 5A BB FE 46 A8 7F 47 83 00 00 00 ..j..Z.. F..G.... [0E0] 00 . [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 19 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 19: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] D7 1D B1 19 6B DA 08 B4 ....k... [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=280 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 224 (0xE0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 224 (0xE0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=225 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 2E 05 00 02 03 10 00 00 00 E0 00 00 00 05 00 00 ........ ........ [010] 00 C8 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ [020] 00 08 00 0A 00 04 00 02 00 22 00 24 00 08 00 02 ........ .".$.... [030] 00 22 00 24 00 0C 00 02 00 BD 18 DF 19 F4 F2 3A .".$.... .......: [040] 45 82 FD 63 B0 2C 89 6A E1 10 00 02 00 05 00 00 E..c.,.j ........ 
[050] 00 00 00 00 00 04 00 00 00 43 00 4F 00 52 00 50 ........ .C.O.R.P [060] 00 12 00 00 00 00 00 00 00 11 00 00 00 63 00 6F ........ .....c.o [070] 00 72 00 70 00 2E 00 63 00 65 00 6E 00 74 00 65 .r.p...c .e.n.t.e [080] 00 72 00 69 00 73 00 2E 00 63 00 6F 00 6D 00 00 .r.i.s.. .c.o.m.. [090] 00 12 00 00 00 00 00 00 00 11 00 00 00 63 00 6F ........ .....c.o [0A0] 00 72 00 70 00 2E 00 63 00 65 00 6E 00 74 00 65 .r.p...c .e.n.t.e [0B0] 00 72 00 69 00 73 00 2E 00 63 00 6F 00 6D 00 00 .r.i.s.. .c.o.m.. [0C0] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [0D0] 00 06 6A EB 18 5A BB FE 46 A8 7F 47 83 00 00 00 ..j..Z.. F..G.... [0E0] 00 . [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 224 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 00e0 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 
smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 000000c8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 224 [2005/10/03 13:56:29, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 lsa_io_r_query_info2 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 ptr: 00020000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c info_class: 000c [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001e lsa_io_dns_dom_info info12 [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_unihdr nb_name [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0020 uni_str_len: 0008 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0022 uni_max_len: 000a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 buffer : 00020004 [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000028 smb_io_unihdr dns_name [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 uni_str_len: 0022 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a uni_max_len: 0024 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c buffer : 00020008 [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_unihdr forest [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0030 uni_str_len: 0022 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0032 uni_max_len: 0024 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 buffer : 0002000c [2005/10/03 
13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_uuid dom_guid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 data : 19df18bd [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003c data : f2f4 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003e data : 453a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0040 data : 82 fd [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0042 data : 63 b0 2c 89 6a e1 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0048 dom_sid: 00020010 [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 00004c smb_io_unistr2 nb_name [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c uni_max_len: 00000005 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 uni_str_len: 00000004 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0058 buffer : C.O.R.P. [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_unistr2 dns_name [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0060 uni_max_len: 00000012 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0068 uni_str_len: 00000011 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 006c buffer : c.o.r.p...c.e.n.t.e.r.i.s...c.o.m. [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 00008e smb_io_unistr2 forest [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0090 uni_max_len: 00000012 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0094 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0098 uni_str_len: 00000011 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 009c buffer : c.o.r.p...c.e.n.t.e.r.i.s...c.o.m. 
[2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000be smb_io_dom_sid2 dom_sid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c0 num_auths: 00000004 [2005/10/03 13:56:29, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000c4 smb_io_dom_sid sid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c4 sid_rev_num: 01 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c5 num_auths : 04 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c6 id_auth[0] : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c7 id_auth[1] : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c8 id_auth[2] : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c9 id_auth[3] : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ca id_auth[4] : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00cb id_auth[5] : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00cc sub_auths : 00000015 18eb6a06 46febb5a 83477fa8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 00dc status: NT_STATUS_OK [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 20 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] D7 EA 84 2E 67 87 26 33 ....g.&3 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 21 mid = 12 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,45) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,45) wrote 45 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 35 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=35 
smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=12 smt_wct=0 smb_bcc=0 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 21 mid = 12 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 21 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 21: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] EA 19 F9 E2 0D 5E 49 FD .....^I. [2005/10/03 13:56:29, 10] nsswitch/winbindd_cache.c:cache_store_response(1656) Storing response for pid 2470, len 1300 [2005/10/03 13:56:29, 4] nsswitch/winbindd_dual.c:fork_domain_child(527) child daemon request 17 [2005/10/03 13:56:29, 10] nsswitch/winbindd_dual.c:child_process_request(403) process_request: request fn LIST_TRUSTDOM [2005/10/03 13:56:29, 3] nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_domains(124) [ 2469]: list trusted domains [2005/10/03 13:56:29, 10] nsswitch/winbindd_cache.c:trusted_domains(1548) trusted_domains: [Cached] - doing backend query for info for domain CORP [2005/10/03 13:56:29, 3] nsswitch/winbindd_ads.c:trusted_domains(816) ads: trusted_domains [2005/10/03 13:56:29, 4] passdb/secrets.c:secrets_fetch_trust_account_password(281) Using cleartext machine password [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 22 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 85 E7 55 D8 53 72 F3 5E ..U.Sr.^ [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 23 mid = 13 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,108) [2005/10/03 
13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,108) wrote 108 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 103 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=13 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 512 (0x200) smb_vwv[ 3]= 384 (0x180) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 23 mid = 13 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 23 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 23: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] B5 20 04 CE 26 78 91 DB . ..&x.. [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1343) Bind RPC Pipe[8002]: \PIPE\NETLOGON [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:valid_pipe_name(1237) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... 
[2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:valid_pipe_name(1240) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000006 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0010 max_tsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0012 max_rsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 assoc_gid: 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_contexts: 01 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c context_id : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e num_transfer_syntaxes: 01 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2005/10/03 13:56:29, 7] 
rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 12345678 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 data : 1234 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : abcd [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : ef 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 01 23 45 67 cf fb [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000001 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 data : 8a885d04 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0038 data : 1ceb [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003a data : 11c9 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003c data : 9f e8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003e data : 08 00 2b 10 48 60 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 version: 00000002 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8002 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=87 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 00 5C 
00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 24 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] F6 07 FD 91 D9 B4 C1 7A .......z [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 25 mid = 14 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,158) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,158) wrote 158 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 25 mid = 14 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 14, reply_seq_num = 25, send_seq_num = 24 data->send_seq_num = 26 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 124 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 
00 06 00 00 H....... .D...... [010] 00 B8 10 B8 10 17 5A 08 00 0C 00 5C 50 49 50 45 ......Z. ...\PIPE [020] 5C 6C 73 61 73 73 00 02 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 25 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 25: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] D4 3E 7A 83 C0 19 E4 2A .>z....* [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... [010] 00 B8 10 B8 10 17 5A 08 00 0C 00 5C 50 49 50 45 ......Z. ...\PIPE [020] 5C 6C 73 61 73 73 00 02 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 14, reply_seq_num = 25, send_seq_num = 24 data->send_seq_num = 26 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 68 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000006 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 68 [2005/10/03 13:56:29, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1419) rpc_pipe_bind: rpc_api_pipe returned OK. 
[2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0010 max_tsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0012 max_rsize: 10b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 assoc_gid: 00085a17 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0018 len: 000c [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a str: \PIPE\lsass. [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0028 num_results: 01 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002c result : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002e reason : 0000 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 data : 8a885d04 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0034 data : 1ceb [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0036 data : 11c9 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0038 data : 9f e8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 003a data : 08 00 2b 10 48 60 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 version: 00000002 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:check_bind_response(1293) bind_rpc_pipe: accepted! 
[2005/10/03 13:56:29, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(94) cli_net_req_chal: LSA Request Challenge from ARKADYLIN to \\SRV2 [2005/10/03 13:56:29, 5] rpc_parse/parse_net.c:init_q_req_chal(676) init_q_req_chal: 676 [2005/10/03 13:56:29, 5] rpc_parse/parse_net.c:init_q_req_chal(685) init_q_req_chal: 685 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_req_chal [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer: 00000001 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000007 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000007 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.S.R.V.2... [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001e smb_io_unistr2 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 uni_max_len: 0000000a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 uni_str_len: 0000000a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 002c buffer : A.R.K.A.D.Y.L.I.N... 
[2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_chal [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0040 data: 93 5e f6 36 1f 8f aa 82 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0x4 data_len: 0x60 [2005/10/03 13:56:29, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 60 auth_len: 0 alloc_hint: 50 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0060 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000007 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000050 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 0004 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8002 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 
smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=111 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 00 00 07 00 00 00 50 .......` .......P [020] 00 00 00 00 00 04 00 01 00 00 00 07 00 00 00 00 ........ ........ [030] 00 00 00 07 00 00 00 5C 00 5C 00 53 00 52 00 56 .......\ .\.S.R.V [040] 00 32 00 00 00 00 00 0A 00 00 00 00 00 00 00 0A .2...... ........ [050] 00 00 00 41 00 52 00 4B 00 41 00 44 00 59 00 4C ...A.R.K .A.D.Y.L [060] 00 49 00 4E 00 00 00 93 5E F6 36 1F 8F AA 82 .I.N.... ^.6.... 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 26 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 27 83 F9 2C 5F F5 7C 20 '..,_.| [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 27 mid = 15 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,182) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,182) wrote 182 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 27 mid = 15 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 15, reply_seq_num = 27, send_seq_num = 26 data->send_seq_num = 28 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 92 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 60 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 `....... .$...... [010] 00 0C 00 00 00 00 00 00 00 9F 24 FF CA 21 39 A0 ........ ..$..!9. [020] 8E 00 00 00 00 ..... 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 27 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 27: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] B6 36 3A 1E 20 46 D9 90 .6:. F.. [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 60 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 `....... .$...... [010] 00 0C 00 00 00 00 00 00 00 9F 24 FF CA 21 39 A0 ........ ..$..!9. [020] 8E 00 00 00 00 ..... 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 15, reply_seq_num = 27, send_seq_num = 26 data->send_seq_num = 28 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 36 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0024 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000007 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 0000000c [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 36 [2005/10/03 13:56:29, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
net_io_r_req_chal [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0018 data: 9f 24 ff ca 21 39 a0 8e [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0020 status: NT_STATUS_OK [2005/10/03 13:56:29, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_session_key(61) clnt_chal: 935EF6361F8FAA82 [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_session_key(62) srv_chal : 9F24FFCA2139A08E [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_session_key(63) clnt+srv : 3283F50140C84A11 [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_session_key(64) sess_key : B2F58CBF3DC290C6 [2005/10/03 13:56:29, 4] libsmb/credentials.c:cred_create(90) cred_create [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_create(92) sess_key : B2F58CBF3DC290C6 [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_create(93) stor_cred: 935EF6361F8FAA82 [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_create(95) timecred : 935EF6361F8FAA82 [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_create(96) calc_cred: 029E7CCB19A8FAE7 [2005/10/03 13:56:29, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(231) cli_net_auth2: srv:\\SRV2 acct:ARKADYLIN$ sc:2 mc: ARKADYLIN neg: 701ff [2005/10/03 13:56:29, 5] rpc_parse/parse_net.c:init_q_auth_2(797) init_q_auth_2: 797 [2005/10/03 13:56:29, 5] rpc_parse/parse_misc.c:init_log_info(1407) make_log_info 1407 [2005/10/03 13:56:29, 5] rpc_parse/parse_net.c:init_q_auth_2(803) init_q_auth_2: 803 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_auth_2 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_log_info [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer: 00000001 [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000004 
smb_io_unistr2 unistr2 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000007 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000007 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.S.R.V.2... [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001e smb_io_unistr2 unistr2 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 uni_max_len: 0000000b [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 uni_str_len: 0000000b [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 002c buffer : A.R.K.A.D.Y.L.I.N.$... [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0042 sec_chan: 0002 [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000044 smb_io_unistr2 unistr2 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 uni_max_len: 0000000a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0048 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c uni_str_len: 0000000a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0050 buffer : A.R.K.A.D.Y.L.I.N... 
[2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000064 smb_io_chal [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0064 data: 02 9e 7c cb 19 a8 fa e7 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 00006c net_io_neg_flags [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 006c neg_flags: 000701ff [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0xf data_len: 0x88 [2005/10/03 13:56:29, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 88 auth_len: 0 alloc_hint: 78 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0088 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000008 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000078 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 000f [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) 
rpc_api_pipe: fnum:8002 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=218 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 136 (0x88) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 136 (0x88) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=151 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 88 00 00 00 08 00 00 00 78 ........ .......x [020] 00 00 00 00 00 0F 00 01 00 00 00 07 00 00 00 00 ........ ........ [030] 00 00 00 07 00 00 00 5C 00 5C 00 53 00 52 00 56 .......\ .\.S.R.V [040] 00 32 00 00 00 00 00 0B 00 00 00 00 00 00 00 0B .2...... ........ [050] 00 00 00 41 00 52 00 4B 00 41 00 44 00 59 00 4C ...A.R.K .A.D.Y.L [060] 00 49 00 4E 00 24 00 00 00 02 00 0A 00 00 00 00 .I.N.$.. ........ [070] 00 00 00 0A 00 00 00 41 00 52 00 4B 00 41 00 44 .......A .R.K.A.D [080] 00 59 00 4C 00 49 00 4E 00 00 00 02 9E 7C CB 19 .Y.L.I.N .....|.. [090] A8 FA E7 FF 01 07 00 ....... [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 28 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 57 2E 04 F7 58 E4 AB 05 W...X... 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 29 mid = 16 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,222) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,222) wrote 222 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 29 mid = 16 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 16, reply_seq_num = 29, send_seq_num = 28 data->send_seq_num = 30 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 96 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 88 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 D3 30 E8 8D 76 BD 49 ........ ..0..v.I [020] 2E FF 01 07 00 00 00 00 00 ........ . 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 29 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 29: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 89 09 EF 12 19 31 3E 6D .....1>m [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 88 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 D3 30 E8 8D 76 BD 49 ........ ..0..v.I [020] 2E FF 01 07 00 00 00 00 00 ........ . 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 16, reply_seq_num = 29, send_seq_num = 28 data->send_seq_num = 30 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 40 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0028 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000008 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000010 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 40 [2005/10/03 13:56:29, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
net_io_r_auth_2 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0018 data: d3 30 e8 8d 76 bd 49 2e [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 net_io_neg_flags [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 neg_flags: 000701ff [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0024 status: NT_STATUS_OK [2005/10/03 13:56:29, 4] libsmb/credentials.c:cred_create(90) cred_create [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_create(92) sess_key : B2F58CBF3DC290C6 [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_create(93) stor_cred: 9F24FFCA2139A08E [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_create(95) timecred : 9F24FFCA2139A08E [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_create(96) calc_cred: D330E88D76BD492E [2005/10/03 13:56:29, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_assert(123) challenge : D330E88D76BD492E [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_assert(124) calculated: D330E88D76BD492E [2005/10/03 13:56:29, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 ds_io_q_enum_domain_trusts [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 server_ptr: 00000001 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 server [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000005 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000005 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : S.R.V.2... 
[2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c flags: 00000003 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0x28 data_len: 0x38 [2005/10/03 13:56:29, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 38 auth_len: 0 alloc_hint: 28 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0038 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000009 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000028 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 0028 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8002 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=138 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=17 smt_wct=16 
smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 56 (0x38) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=71 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 38 00 00 00 09 00 00 00 28 .......8 .......( [020] 00 00 00 00 00 28 00 01 00 00 00 05 00 00 00 00 .....(.. ........ [030] 00 00 00 05 00 00 00 53 00 52 00 56 00 32 00 00 .......S .R.V.2.. [040] 00 00 00 03 00 00 00 ....... [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 30 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 97 BA 52 A6 33 EF 53 9B ..R.3.S. 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 31 mid = 17 [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,142) [2005/10/03 13:56:29, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,142) wrote 142 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 31 mid = 17 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 17, reply_seq_num = 31, send_seq_num = 30 data->send_seq_num = 32 [2005/10/03 13:56:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 240 [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 184 (0xB8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=185 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 38 05 00 02 03 10 00 00 00 B8 00 00 00 09 00 00 8....... ........ [010] 00 A0 00 00 00 00 00 00 00 01 00 00 00 00 00 02 ........ ........ [020] 00 01 00 00 00 04 00 02 00 08 00 02 00 1D 00 00 ........ ........ [030] 00 00 00 00 00 02 00 00 00 00 00 00 00 0C 00 02 ........ ........ [040] 00 BD 18 DF 19 F4 F2 3A 45 82 FD 63 B0 2C 89 6A .......: E..c.,.j [050] E1 05 00 00 00 00 00 00 00 05 00 00 00 43 00 4F ........ .....C.O [060] 00 52 00 50 00 00 00 00 00 12 00 00 00 00 00 00 .R.P.... ........ [070] 00 12 00 00 00 63 00 6F 00 72 00 70 00 2E 00 63 .....c.o .r.p...c [080] 00 65 00 6E 00 74 00 65 00 72 00 69 00 73 00 2E .e.n.t.e .r.i.s.. [090] 00 63 00 6F 00 6D 00 00 00 04 00 00 00 01 04 00 .c.o.m.. ........ 
[0A0] 00 00 00 00 05 15 00 00 00 06 6A EB 18 5A BB FE ........ ..j..Z.. [0B0] 46 A8 7F 47 83 00 00 00 00 F..G.... . [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 31 [2005/10/03 13:56:29, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 31: got good SMB signature of [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] AA 4F BA E1 45 7F B3 53 .O..E..S [2005/10/03 13:56:29, 5] lib/util.c:show_msg(454) [2005/10/03 13:56:29, 5] lib/util.c:show_msg(464) size=240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 184 (0xB8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=185 [2005/10/03 13:56:29, 10] lib/util.c:dump_data(2053) [000] 38 05 00 02 03 10 00 00 00 B8 00 00 00 09 00 00 8....... ........ [010] 00 A0 00 00 00 00 00 00 00 01 00 00 00 00 00 02 ........ ........ [020] 00 01 00 00 00 04 00 02 00 08 00 02 00 1D 00 00 ........ ........ [030] 00 00 00 00 00 02 00 00 00 00 00 00 00 0C 00 02 ........ ........ [040] 00 BD 18 DF 19 F4 F2 3A 45 82 FD 63 B0 2C 89 6A .......: E..c.,.j [050] E1 05 00 00 00 00 00 00 00 05 00 00 00 43 00 4F ........ .....C.O [060] 00 52 00 50 00 00 00 00 00 12 00 00 00 00 00 00 .R.P.... ........ [070] 00 12 00 00 00 63 00 6F 00 72 00 70 00 2E 00 63 .....c.o .r.p...c [080] 00 65 00 6E 00 74 00 65 00 72 00 69 00 73 00 2E .e.n.t.e .r.i.s.. [090] 00 63 00 6F 00 6D 00 00 00 04 00 00 00 01 04 00 .c.o.m.. ........ [0A0] 00 00 00 00 05 15 00 00 00 06 6A EB 18 5A BB FE ........ ..j..Z.. [0B0] 46 A8 7F 47 83 00 00 00 00 F..G.... . 
[2005/10/03 13:56:29, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 17, reply_seq_num = 31, send_seq_num = 30 data->send_seq_num = 32 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 184 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 00b8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000009 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 000000a0 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 13:56:29, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 184 [2005/10/03 13:56:29, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
ds_io_r_enum_domain_trusts [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_domains: 00000001 [2005/10/03 13:56:29, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c ds_io_dom_trusts_ctr domains [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c ptr: 00020000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 max_count: 00000001 [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 ds_io_dom_trusts_ctr domain_trusts [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 netbios_ptr: 00020004 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 dns_ptr: 00020008 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c flags: 0000001d [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 parent_index: 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 trust_type: 00000002 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 trust_attributes: 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c sid_ptr: 0002000c [2005/10/03 13:56:29, 8] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_uuid guid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 data : 19df18bd [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0044 data : f2f4 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0046 data : 453a [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0048 data : 82 fd [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 004a data : 63 b0 2c 89 6a e1 [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_unistr2 netbios_domain [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 uni_max_len: 00000005 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0058 uni_str_len: 00000005 [2005/10/03 13:56:29, 5] 
rpc_parse/parse_prs.c:dbg_rw_punival(841) 005c buffer : C.O.R.P... [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_unistr2 dns_domain [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0068 uni_max_len: 00000012 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 006c offset : 00000000 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0070 uni_str_len: 00000012 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0074 buffer : c.o.r.p...c.e.n.t.e.r.i.s...c.o.m... [2005/10/03 13:56:29, 7] rpc_parse/parse_prs.c:prs_debug(82) 000098 smb_io_dom_sid2 sid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0098 num_auths: 00000004 [2005/10/03 13:56:29, 8] rpc_parse/parse_prs.c:prs_debug(82) 00009c smb_io_dom_sid sid [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009c sid_rev_num: 01 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009d num_auths : 04 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009e id_auth[0] : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009f id_auth[1] : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a0 id_auth[2] : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a1 id_auth[3] : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a2 id_auth[4] : 00 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a3 id_auth[5] : 05 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00a4 sub_auths : 00000015 18eb6a06 46febb5a 83477fa8 [2005/10/03 13:56:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 00b4 status: NT_STATUS_OK [2005/10/03 13:56:29, 10] nsswitch/winbindd_cache.c:cache_store_response(1656) Storing response for pid 2470, len 1364 [2005/10/03 13:56:29, 10] nsswitch/winbindd_cache.c:cache_store_response(1670) Storing extra data: len=64 [2005/10/03 13:58:01, 4] nsswitch/winbindd_dual.c:fork_domain_child(527) child daemon request 
32 [2005/10/03 13:58:01, 10] nsswitch/winbindd_dual.c:child_process_request(403) process_request: request fn GETDCNAME [2005/10/03 13:58:01, 3] nsswitch/winbindd_misc.c:winbindd_dual_getdcname(179) [ 2469]: Get DC name for ARKADYLIN [2005/10/03 13:58:01, 5] rpc_parse/parse_net.c:init_net_q_getdcname(488) init_r_getdcname [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_getdcname [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr_logon_server: 00000001 [2005/10/03 13:58:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 logon_server [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000005 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000005 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : S.R.V.2... [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c ptr_domainname: 00000001 [2005/10/03 13:58:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_unistr2 domainname [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 uni_max_len: 0000000a [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 offset : 00000000 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 uni_str_len: 0000000a [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 002c buffer : A.R.K.A.D.Y.L.I.N... 
[2005/10/03 13:58:01, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0xd data_len: 0x58 [2005/10/03 13:58:01, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 58 auth_len: 0 alloc_hint: 48 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0058 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000a [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000048 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 000d [2005/10/03 13:58:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8002 [2005/10/03 13:58:01, 5] lib/util.c:show_msg(454) [2005/10/03 13:58:01, 5] lib/util.c:show_msg(464) size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 
(0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=103 [2005/10/03 13:58:01, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 58 00 00 00 0A 00 00 00 48 .......X .......H [020] 00 00 00 00 00 0D 00 01 00 00 00 05 00 00 00 00 ........ ........ [030] 00 00 00 05 00 00 00 53 00 52 00 56 00 32 00 00 .......S .R.V.2.. [040] 00 00 00 01 00 00 00 0A 00 00 00 00 00 00 00 0A ........ ........ [050] 00 00 00 41 00 52 00 4B 00 41 00 44 00 59 00 4C ...A.R.K .A.D.Y.L [060] 00 49 00 4E 00 00 00 .I.N... [2005/10/03 13:58:01, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 32 [2005/10/03 13:58:01, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 13:58:01, 10] lib/util.c:dump_data(2053) [000] D3 05 EF 0F 2C 23 DD 2D ....,#.- [2005/10/03 13:58:01, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 33 mid = 18 [2005/10/03 13:58:01, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,174) [2005/10/03 13:58:01, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,174) wrote 174 [2005/10/03 13:58:01, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 33 mid = 18 [2005/10/03 13:58:01, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 18, reply_seq_num = 33, send_seq_num = 32 data->send_seq_num = 34 [2005/10/03 13:58:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 88 [2005/10/03 13:58:01, 5] lib/util.c:show_msg(454) [2005/10/03 13:58:01, 5] lib/util.c:show_msg(464) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 
smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2005/10/03 13:58:01, 10] lib/util.c:dump_data(2053) [000] 58 05 00 02 03 10 00 00 00 20 00 00 00 0A 00 00 X....... . ...... [010] 00 08 00 00 00 00 00 00 00 00 00 00 00 4B 05 00 ........ .....K.. [020] 00 . [2005/10/03 13:58:01, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 33 [2005/10/03 13:58:01, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 33: got good SMB signature of [2005/10/03 13:58:01, 10] lib/util.c:dump_data(2053) [000] BF F3 6E A1 F0 0B E3 FC ..n..... [2005/10/03 13:58:01, 5] lib/util.c:show_msg(454) [2005/10/03 13:58:01, 5] lib/util.c:show_msg(464) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2005/10/03 13:58:01, 10] lib/util.c:dump_data(2053) [000] 58 05 00 02 03 10 00 00 00 20 00 00 00 0A 00 00 X....... . ...... [010] 00 08 00 00 00 00 00 00 00 00 00 00 00 4B 05 00 ........ .....K.. [020] 00 . 
[2005/10/03 13:58:01, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 18, reply_seq_num = 33, send_seq_num = 32 data->send_seq_num = 34 [2005/10/03 13:58:01, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 32 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0020 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000a [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000008 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 13:58:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 32 [2005/10/03 13:58:01, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
net_io_r_getdcname [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 ptr_dcname: 00000000 [2005/10/03 13:58:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_unistr2 - NULL dcname [2005/10/03 13:58:01, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 001c status: NT code 0x0000054b [2005/10/03 13:58:01, 5] nsswitch/winbindd_misc.c:winbindd_dual_getdcname(200) Error requesting DCname: NT code 0x0000054b [2005/10/03 14:01:26, 4] nsswitch/winbindd_dual.c:fork_domain_child(527) child daemon request 17 [2005/10/03 14:01:26, 10] nsswitch/winbindd_dual.c:child_process_request(403) process_request: request fn LIST_TRUSTDOM [2005/10/03 14:01:26, 3] nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_domains(124) [ 2469]: list trusted domains [2005/10/03 14:01:26, 10] nsswitch/winbindd_cache.c:trusted_domains(1548) trusted_domains: [Cached] - doing backend query for info for domain CORP [2005/10/03 14:01:26, 3] nsswitch/winbindd_ads.c:trusted_domains(816) ads: trusted_domains [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 ds_io_q_enum_domain_trusts [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 server_ptr: 00000001 [2005/10/03 14:01:26, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 server [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000005 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000005 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : S.R.V.2... 
[2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c flags: 00000003 [2005/10/03 14:01:26, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0x28 data_len: 0x38 [2005/10/03 14:01:26, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 38 auth_len: 0 alloc_hint: 28 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0038 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000b [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000028 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 0028 [2005/10/03 14:01:26, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8002 [2005/10/03 14:01:26, 5] lib/util.c:show_msg(454) [2005/10/03 14:01:26, 5] lib/util.c:show_msg(464) size=138 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=19 smt_wct=16 
smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 56 (0x38) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=71 [2005/10/03 14:01:26, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 38 00 00 00 0B 00 00 00 28 .......8 .......( [020] 00 00 00 00 00 28 00 01 00 00 00 05 00 00 00 00 .....(.. ........ [030] 00 00 00 05 00 00 00 53 00 52 00 56 00 32 00 00 .......S .R.V.2.. [040] 00 00 00 03 00 00 00 ....... [2005/10/03 14:01:26, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 34 [2005/10/03 14:01:26, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 14:01:26, 10] lib/util.c:dump_data(2053) [000] EA E5 9B F2 58 DF B8 80 ....X... 
[2005/10/03 14:01:26, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 35 mid = 19 [2005/10/03 14:01:26, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,142) [2005/10/03 14:01:26, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,142) wrote 142 [2005/10/03 14:01:26, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 35 mid = 19 [2005/10/03 14:01:26, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 19, reply_seq_num = 35, send_seq_num = 34 data->send_seq_num = 36 [2005/10/03 14:01:26, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 240 [2005/10/03 14:01:26, 5] lib/util.c:show_msg(454) [2005/10/03 14:01:26, 5] lib/util.c:show_msg(464) size=240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 184 (0xB8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=185 [2005/10/03 14:01:26, 10] lib/util.c:dump_data(2053) [000] 38 05 00 02 03 10 00 00 00 B8 00 00 00 0B 00 00 8....... ........ [010] 00 A0 00 00 00 00 00 00 00 01 00 00 00 00 00 02 ........ ........ [020] 00 01 00 00 00 04 00 02 00 08 00 02 00 1D 00 00 ........ ........ [030] 00 00 00 00 00 02 00 00 00 00 00 00 00 0C 00 02 ........ ........ [040] 00 BD 18 DF 19 F4 F2 3A 45 82 FD 63 B0 2C 89 6A .......: E..c.,.j [050] E1 05 00 00 00 00 00 00 00 05 00 00 00 43 00 4F ........ .....C.O [060] 00 52 00 50 00 00 00 47 83 12 00 00 00 00 00 00 .R.P...G ........ [070] 00 12 00 00 00 63 00 6F 00 72 00 70 00 2E 00 63 .....c.o .r.p...c [080] 00 65 00 6E 00 74 00 65 00 72 00 69 00 73 00 2E .e.n.t.e .r.i.s.. [090] 00 63 00 6F 00 6D 00 00 00 04 00 00 00 01 04 00 .c.o.m.. ........ 
[0A0] 00 00 00 00 05 15 00 00 00 06 6A EB 18 5A BB FE ........ ..j..Z.. [0B0] 46 A8 7F 47 83 00 00 00 00 F..G.... . [2005/10/03 14:01:26, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 35 [2005/10/03 14:01:26, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 35: got good SMB signature of [2005/10/03 14:01:26, 10] lib/util.c:dump_data(2053) [000] AB 9F 13 7B 08 E2 6A 25 ...{..j% [2005/10/03 14:01:26, 5] lib/util.c:show_msg(454) [2005/10/03 14:01:26, 5] lib/util.c:show_msg(464) size=240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 184 (0xB8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=185 [2005/10/03 14:01:26, 10] lib/util.c:dump_data(2053) [000] 38 05 00 02 03 10 00 00 00 B8 00 00 00 0B 00 00 8....... ........ [010] 00 A0 00 00 00 00 00 00 00 01 00 00 00 00 00 02 ........ ........ [020] 00 01 00 00 00 04 00 02 00 08 00 02 00 1D 00 00 ........ ........ [030] 00 00 00 00 00 02 00 00 00 00 00 00 00 0C 00 02 ........ ........ [040] 00 BD 18 DF 19 F4 F2 3A 45 82 FD 63 B0 2C 89 6A .......: E..c.,.j [050] E1 05 00 00 00 00 00 00 00 05 00 00 00 43 00 4F ........ .....C.O [060] 00 52 00 50 00 00 00 47 83 12 00 00 00 00 00 00 .R.P...G ........ [070] 00 12 00 00 00 63 00 6F 00 72 00 70 00 2E 00 63 .....c.o .r.p...c [080] 00 65 00 6E 00 74 00 65 00 72 00 69 00 73 00 2E .e.n.t.e .r.i.s.. [090] 00 63 00 6F 00 6D 00 00 00 04 00 00 00 01 04 00 .c.o.m.. ........ [0A0] 00 00 00 00 05 15 00 00 00 06 6A EB 18 5A BB FE ........ ..j..Z.. [0B0] 46 A8 7F 47 83 00 00 00 00 F..G.... . 
[2005/10/03 14:01:26, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 19, reply_seq_num = 35, send_seq_num = 34 data->send_seq_num = 36 [2005/10/03 14:01:26, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 184 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 00b8 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000b [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 000000a0 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 14:01:26, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 184 [2005/10/03 14:01:26, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
ds_io_r_enum_domain_trusts [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_domains: 00000001 [2005/10/03 14:01:26, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c ds_io_dom_trusts_ctr domains [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c ptr: 00020000 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 max_count: 00000001 [2005/10/03 14:01:26, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 ds_io_dom_trusts_ctr domain_trusts [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 netbios_ptr: 00020004 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 dns_ptr: 00020008 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c flags: 0000001d [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 parent_index: 00000000 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 trust_type: 00000002 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 trust_attributes: 00000000 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c sid_ptr: 0002000c [2005/10/03 14:01:26, 8] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_uuid guid [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 data : 19df18bd [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0044 data : f2f4 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0046 data : 453a [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0048 data : 82 fd [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 004a data : 63 b0 2c 89 6a e1 [2005/10/03 14:01:26, 7] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_unistr2 netbios_domain [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 uni_max_len: 00000005 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 offset : 00000000 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0058 uni_str_len: 00000005 [2005/10/03 14:01:26, 5] 
rpc_parse/parse_prs.c:dbg_rw_punival(841) 005c buffer : C.O.R.P... [2005/10/03 14:01:26, 7] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_unistr2 dns_domain [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0068 uni_max_len: 00000012 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 006c offset : 00000000 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0070 uni_str_len: 00000012 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0074 buffer : c.o.r.p...c.e.n.t.e.r.i.s...c.o.m... [2005/10/03 14:01:26, 7] rpc_parse/parse_prs.c:prs_debug(82) 000098 smb_io_dom_sid2 sid [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0098 num_auths: 00000004 [2005/10/03 14:01:26, 8] rpc_parse/parse_prs.c:prs_debug(82) 00009c smb_io_dom_sid sid [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009c sid_rev_num: 01 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009d num_auths : 04 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009e id_auth[0] : 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009f id_auth[1] : 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a0 id_auth[2] : 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a1 id_auth[3] : 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a2 id_auth[4] : 00 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a3 id_auth[5] : 05 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00a4 sub_auths : 00000015 18eb6a06 46febb5a 83477fa8 [2005/10/03 14:01:26, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 00b4 status: NT_STATUS_OK [2005/10/03 14:01:26, 10] nsswitch/winbindd_cache.c:cache_store_response(1656) Storing response for pid 2470, len 1364 [2005/10/03 14:01:26, 10] nsswitch/winbindd_cache.c:cache_store_response(1670) Storing extra data: len=64 [2005/10/03 14:05:15, 4] nsswitch/winbindd_dual.c:fork_domain_child(527) child daemon request 
13 [2005/10/03 14:05:15, 10] nsswitch/winbindd_dual.c:child_process_request(403) process_request: request fn AUTH_CRAP [2005/10/03 14:05:15, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(604) [ 2469]: pam auth crap domain: CORP user: aglabek [2005/10/03 14:05:15, 8] lib/util.c:is_myname(1874) is_myname("CORP") returns 0 [2005/10/03 14:05:15, 4] libsmb/credentials.c:cred_create(90) cred_create [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_create(92) sess_key : B2F58CBF3DC290C6 [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_create(93) stor_cred: 029E7CCB19A8FAE7 [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_create(94) timestamp: 43419d0b [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_create(95) timecred : 0D3BBE0E19A8FAE7 [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_create(96) calc_cred: 4B1BE88D5D21BF62 [2005/10/03 14:05:15, 5] rpc_parse/parse_net.c:init_id_info2(1178) init_id_info2: 1178 [2005/10/03 14:05:15, 5] rpc_parse/parse_misc.c:init_logon_id(1586) make_logon_id: 1586 [2005/10/03 14:05:15, 5] rpc_parse/parse_net.c:init_sam_info(1272) init_sam_info: 1272 [2005/10/03 14:05:15, 5] rpc_parse/parse_misc.c:init_clnt_info2(1501) make_clnt_info: 1501 [2005/10/03 14:05:15, 5] rpc_parse/parse_misc.c:init_clnt_srv(1346) init_clnt_srv: 1346 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_sam_logon [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_sam_info [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_clnt_info2 [2005/10/03 14:05:15, 8] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_clnt_srv [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer : 00000001 [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000007 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/10/03 
14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000007 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.S.R.V.2... [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 undoc_buffer2: 00000001 [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unistr2 unistr2 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 uni_max_len: 0000000a [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c uni_str_len: 0000000a [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0030 buffer : A.R.K.A.D.Y.L.I.N... [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 ptr_cred: 00000001 [2005/10/03 14:05:15, 8] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_cred [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_chal [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0048 data: 4b 1b e8 8d 5d 21 bf 62 [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_utime [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 time: 43419d0b [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 ptr_rtn_cred : 00000001 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_cred [2005/10/03 14:05:15, 8] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_chal [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0058 data: 00 00 00 00 00 00 00 00 [2005/10/03 14:05:15, 8] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_utime [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0060 time: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0064 logon_level : 0002 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000066 smb_io_sam_info logon_info [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0066 
switch_value : 0002 [2005/10/03 14:05:15, 8] rpc_parse/parse_prs.c:prs_debug(82) 000068 net_io_id_info2 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0068 ptr_id_info2: 00000001 [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 00006c smb_io_unihdr unihdr [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006c uni_str_len: 0008 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006e uni_max_len: 0008 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0070 buffer : 00000001 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0074 param_ctrl: 00000000 [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 000078 smb_io_logon_id [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0078 low : 0000dead [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 007c high: 0000beef [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 000080 smb_io_unihdr unihdr [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0080 uni_str_len: 000e [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0082 uni_max_len: 000e [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0084 buffer : 00000001 [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 000088 smb_io_unihdr unihdr [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0088 uni_str_len: 0016 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 008a uni_max_len: 0016 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 008c buffer : 00000001 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0090 lm_chal: ee c7 32 8d 90 d5 9f d0 [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 000098 smb_io_strhdr hdr_nt_chal_resp [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0098 str_str_len: 0018 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009a str_max_len: 0018 [2005/10/03 14:05:15, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 009c buffer : 00000001 [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000a0 smb_io_strhdr hdr_lm_chal_resp [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00a0 str_str_len: 0018 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00a2 str_max_len: 0018 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a4 buffer : 00000001 [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000a8 smb_io_unistr2 uni_domain_name [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a8 uni_max_len: 00000004 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ac offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b0 uni_str_len: 00000004 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00b4 buffer : C.O.R.P. [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000bc smb_io_unistr2 uni_user_name [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00bc uni_max_len: 00000007 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c0 offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c4 uni_str_len: 00000007 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00c8 buffer : a.g.l.a.b.e.k. [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000d6 smb_io_unistr2 uni_wksta_name [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d8 uni_max_len: 0000000b [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00dc offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e0 uni_str_len: 0000000b [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00e4 buffer : \.\.A.R.K.A.D.Y.L.I.N. 
[2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000fa smb_io_string2 nt_chal_resp [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00fc str_max_len: 00000018 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0100 offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0104 str_str_len: 00000018 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_string2(1001) 0108 buffer : ...u[.C&..g...K.+....... [2005/10/03 14:05:15, 9] rpc_parse/parse_prs.c:prs_debug(82) 000120 smb_io_string2 lm_chal_resp [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0120 str_max_len: 00000018 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0124 offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0128 str_str_len: 00000018 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_string2(1001) 012c buffer : .d..x:m..Om.K.o...Mp'..R [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0144 validation_level: 0003 [2005/10/03 14:05:15, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0x2 data_len: 0x15e [2005/10/03 14:05:15, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 15e auth_len: 0 alloc_hint: 14e [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 
pack_type3: 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 015e [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000c [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 0000014e [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 0002 [2005/10/03 14:05:15, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8002 [2005/10/03 14:05:15, 5] lib/util.c:show_msg(454) [2005/10/03 14:05:15, 5] lib/util.c:show_msg(464) size=432 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 350 (0x15E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 350 (0x15E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=365 [2005/10/03 14:05:15, 10] lib/util.c:dump_data(2053)
[2005/10/03 14:05:15, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 36 [2005/10/03 14:05:15, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 14:05:15, 10] lib/util.c:dump_data(2053) [000] 67 C3 46 53 EC 99 C0 B6 g.FS....
[2005/10/03 14:05:15, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 37 mid = 20 [2005/10/03 14:05:15, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,436) [2005/10/03 14:05:15, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,436) wrote 436 [2005/10/03 14:05:15, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 37 mid = 20 [2005/10/03 14:05:15, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 20, reply_seq_num = 37, send_seq_num = 36 data->send_seq_num = 38 [2005/10/03 14:05:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 424 [2005/10/03 14:05:15, 5] lib/util.c:show_msg(454) [2005/10/03 14:05:15, 5] lib/util.c:show_msg(464) size=424 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 368 (0x170) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 368 (0x170) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=369 [2005/10/03 14:05:15, 10] lib/util.c:dump_data(2053)
[2005/10/03 14:05:15, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 37 [2005/10/03 14:05:15, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 37: got good SMB signature of [2005/10/03 14:05:15, 10] lib/util.c:dump_data(2053) [000] 9F 92 5B BC 1F 1A 05 6F ..[....o [2005/10/03 14:05:15, 5] lib/util.c:show_msg(454) [2005/10/03 14:05:15, 5] lib/util.c:show_msg(464) size=424 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 368 (0x170) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 368 (0x170) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=369 [2005/10/03 14:05:15, 10] lib/util.c:dump_data(2053)
[2005/10/03 14:05:15, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 20, reply_seq_num = 37, send_seq_num = 36 data->send_seq_num = 38 [2005/10/03 14:05:15, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 368 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0170 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000c [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000158 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 14:05:15, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 368 [2005/10/03 14:05:15, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
net_io_r_sam_logon [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 buffer_creds: 00020000 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_cred [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_chal [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001c data: e5 57 7f 82 fa 59 25 ff [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_utime [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 time: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 switch_value: 0003 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002c net_io_user_info3 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c ptr_user_info : 00020004 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_time logon time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 low : 3349b2ec [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 high: 01c5c84b [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_time logoff time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 low : ffffffff [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c high: 7fffffff [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_time kickoff time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 low : ffffffff [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 high: 7fffffff [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_time last set time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0048 low : 0f3c75de [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c high: 01c5c85e [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_time can change time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 low 
: 39a635de [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 high: 01c5c927 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_time must change time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0058 low : 0f3c75de [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 005c high: 01c5ea1e [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_unihdr hdr_user_name [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0060 uni_str_len: 000e [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0062 uni_max_len: 0010 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 buffer : 00020008 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_unihdr hdr_full_name [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0068 uni_str_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006a uni_max_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 006c buffer : 00000000 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000070 smb_io_unihdr hdr_logon_script [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0070 uni_str_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0072 uni_max_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0074 buffer : 00000000 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000078 smb_io_unihdr hdr_profile_path [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0078 uni_str_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 007a uni_max_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 007c buffer : 00000000 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000080 smb_io_unihdr hdr_home_dir [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0080 uni_str_len: 0000 [2005/10/03 14:05:15, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) 0082 uni_max_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0084 buffer : 00000000 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000088 smb_io_unihdr hdr_dir_drive [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0088 uni_str_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 008a uni_max_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 008c buffer : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0090 logon_count : 0099 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0092 bad_pw_count : 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0094 user_rid : 000005b6 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0098 group_rid : 00000201 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 009c num_groups : 00000001 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a0 buffer_groups : 0002000c [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a4 user_flgs : 00000120 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 00a8 user_sess_key: f2 83 ee ae 8e 42 d8 78 67 8c 54 64 37 0d fa 14 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000b8 smb_io_unihdr hdr_logon_srv [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00b8 uni_str_len: 0008 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00ba uni_max_len: 000a [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00bc buffer : 00020010 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000c0 smb_io_unihdr hdr_logon_dom [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00c0 uni_str_len: 0008 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00c2 uni_max_len: 000a [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c4 buffer : 00020014 [2005/10/03 14:05:15, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 00c8 buffer_dom_id : 00020018 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 00cc lm_sess_key: f2 83 ee ae 8e 42 d8 78 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d4 acct_flags : 00000010 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d8 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00dc unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e0 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e4 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e8 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ec unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f0 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f4 num_other_sids: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f8 buffer_other_sids: 00000000 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000fc smb_io_unistr2 uni_user_name [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00fc uni_max_len: 00000008 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0100 offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0104 uni_str_len: 00000007 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0108 buffer : a.g.l.a.b.e.k. 
[2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000116 smb_io_unistr2 - NULL uni_full_name [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000116 smb_io_unistr2 - NULL uni_logon_script [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000116 smb_io_unistr2 - NULL uni_profile_path [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000116 smb_io_unistr2 - NULL uni_home_dir [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000116 smb_io_unistr2 - NULL uni_dir_drive [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0118 num_groups2 : 00000001 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 00011c smb_io_gid [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 011c g_rid: 00000201 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0120 attr : 00000007 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000124 smb_io_unistr2 uni_logon_srv [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0124 uni_max_len: 00000005 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0128 offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 012c uni_str_len: 00000004 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0130 buffer : S.R.V.2. [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000138 smb_io_unistr2 uni_logon_dom [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0138 uni_max_len: 00000005 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 013c offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0140 uni_str_len: 00000004 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0144 buffer : C.O.R.P. 
[2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 00014c smb_io_dom_sid2 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 014c num_auths: 00000004 [2005/10/03 14:05:15, 8] rpc_parse/parse_prs.c:prs_debug(82) 000150 smb_io_dom_sid sid [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0150 sid_rev_num: 01 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0151 num_auths : 04 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0152 id_auth[0] : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0153 id_auth[1] : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0154 id_auth[2] : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0155 id_auth[3] : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0156 id_auth[4] : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0157 id_auth[5] : 05 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0158 sub_auths : 00000015 18eb6a06 46febb5a 83477fa8 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0168 auth_resp : 00000001 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 016c status : NT_STATUS_OK [2005/10/03 14:05:15, 5] libsmb/credentials.c:clnt_deal_with_creds(148) clnt_deal_with_creds: 148 [2005/10/03 14:05:15, 4] libsmb/credentials.c:cred_create(90) cred_create [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_create(92) sess_key : B2F58CBF3DC290C6 [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_create(93) stor_cred: 029E7CCB19A8FAE7 [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_create(94) timestamp: 43419d0c [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_create(95) timecred : 0E3BBE0E19A8FAE7 [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_create(96) calc_cred: E5577F82FA5925FF [2005/10/03 14:05:15, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_assert(123) challenge : 
E5577F82FA5925FF [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_assert(124) calculated: E5577F82FA5925FF [2005/10/03 14:05:15, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2005/10/03 14:05:15, 5] libsmb/credentials.c:clnt_deal_with_creds(167) new clnt cred: 0E3BBE0E19A8FAE7 [2005/10/03 14:05:15, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(133) netsamlogon_cache_store: SID [S-1-5-21-418081286-1191099226-2202501032-1462] [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 timestamp: 43419d0b [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_debug(82) 000004 net_io_user_info3 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr_user_info : 00020004 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_time logon time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 low : 3349b2ec [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c high: 01c5c84b [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_time logoff time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 low : ffffffff [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 high: 7fffffff [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_time kickoff time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 low : ffffffff [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c high: 7fffffff [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_time last set time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 low : 0f3c75de [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 high: 01c5c85e [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000028 smb_io_time can change time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 low : 39a635de [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 
002c high: 01c5c927 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_time must change time [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 low : 0f3c75de [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 high: 01c5ea1e [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_unihdr hdr_user_name [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0038 uni_str_len: 000e [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003a uni_max_len: 0010 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c buffer : 00020008 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_unihdr hdr_full_name [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0040 uni_str_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0042 uni_max_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 buffer : 00000000 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_unihdr hdr_logon_script [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0048 uni_str_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 004a uni_max_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c buffer : 00000000 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_unihdr hdr_profile_path [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0050 uni_str_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0052 uni_max_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 buffer : 00000000 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_unihdr hdr_home_dir [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0058 uni_str_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 005a uni_max_len: 0000 [2005/10/03 14:05:15, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 005c buffer : 00000000 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_unihdr hdr_dir_drive [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0060 uni_str_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0062 uni_max_len: 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 buffer : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0068 logon_count : 0099 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006a bad_pw_count : 0000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 006c user_rid : 000005b6 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0070 group_rid : 00000201 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0074 num_groups : 00000001 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0078 buffer_groups : 0002000c [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 007c user_flgs : 00000120 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0080 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000090 smb_io_unihdr hdr_logon_srv [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0090 uni_str_len: 0008 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0092 uni_max_len: 000a [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0094 buffer : 00020010 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000098 smb_io_unihdr hdr_logon_dom [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0098 uni_str_len: 0008 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009a uni_max_len: 000a [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 009c buffer : 00020014 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a0 buffer_dom_id : 00020018 [2005/10/03 14:05:15, 5] 
rpc_parse/parse_prs.c:prs_uint8s(756) 00a4 lm_sess_key: 00 00 00 00 00 00 00 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ac acct_flags : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b0 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b4 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b8 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00bc unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c0 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c4 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c8 unkown: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00cc num_other_sids: 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d0 buffer_other_sids: 00000000 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000d4 smb_io_unistr2 uni_user_name [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d4 uni_max_len: 00000008 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d8 offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00dc uni_str_len: 00000007 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00e0 buffer : a.g.l.a.b.e.k. 
[2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000ee smb_io_unistr2 - NULL uni_full_name [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000ee smb_io_unistr2 - NULL uni_logon_script [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000ee smb_io_unistr2 - NULL uni_profile_path [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000ee smb_io_unistr2 - NULL uni_home_dir [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000ee smb_io_unistr2 - NULL uni_dir_drive [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f0 num_groups2 : 00000001 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000f4 smb_io_gid [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f4 g_rid: 00000201 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f8 attr : 00000007 [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000fc smb_io_unistr2 uni_logon_srv [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00fc uni_max_len: 00000005 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0100 offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0104 uni_str_len: 00000004 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0108 buffer : S.R.V.2. [2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000110 smb_io_unistr2 uni_logon_dom [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0110 uni_max_len: 00000005 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0114 offset : 00000000 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0118 uni_str_len: 00000004 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 011c buffer : C.O.R.P. 
[2005/10/03 14:05:15, 6] rpc_parse/parse_prs.c:prs_debug(82) 000124 smb_io_dom_sid2 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0124 num_auths: 00000004 [2005/10/03 14:05:15, 7] rpc_parse/parse_prs.c:prs_debug(82) 000128 smb_io_dom_sid sid [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0128 sid_rev_num: 01 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0129 num_auths : 04 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012a id_auth[0] : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012b id_auth[1] : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012c id_auth[2] : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012d id_auth[3] : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012e id_auth[4] : 00 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012f id_auth[5] : 05 [2005/10/03 14:05:15, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0130 sub_auths : 00000015 18eb6a06 46febb5a 83477fa8 [2005/10/03 14:05:15, 10] libsmb/samlogon_cache.c:netsamlogon_clear_cached_user(86) netsamlogon_clear_cached_user: clearing U/CORP/1462 [2005/10/03 14:05:15, 10] libsmb/samlogon_cache.c:netsamlogon_clear_cached_user(97) netsamlogon_clear_cached_user: clearing UG/CORP/1462 [2005/10/03 14:05:15, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(795) NTLM CRAP authentication for user [CORP]\[aglabek] returned NT_STATUS_OK (PAM: 0) [2005/10/03 14:05:15, 10] nsswitch/winbindd_cache.c:cache_store_response(1656) Storing response for pid 2470, len 1300 [2005/10/03 14:05:34, 4] nsswitch/winbindd_dual.c:fork_domain_child(527) child daemon request 13 [2005/10/03 14:05:34, 10] nsswitch/winbindd_dual.c:child_process_request(403) process_request: request fn AUTH_CRAP [2005/10/03 14:05:34, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(604) [ 2469]: pam auth crap domain: CORP user: aglabek [2005/10/03 14:05:34, 8] lib/util.c:is_myname(1874) 
is_myname("CORP") returns 0 [2005/10/03 14:05:34, 4] libsmb/credentials.c:cred_create(90) cred_create [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_create(92) sess_key : B2F58CBF3DC290C6 [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_create(93) stor_cred: 0E3BBE0E19A8FAE7 [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_create(94) timestamp: 43419d1e [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_create(95) timecred : 2CD8FF5119A8FAE7 [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_create(96) calc_cred: A41404DA071DDC99 [2005/10/03 14:05:34, 5] rpc_parse/parse_net.c:init_id_info2(1178) init_id_info2: 1178 [2005/10/03 14:05:34, 5] rpc_parse/parse_misc.c:init_logon_id(1586) make_logon_id: 1586 [2005/10/03 14:05:34, 5] rpc_parse/parse_net.c:init_sam_info(1272) init_sam_info: 1272 [2005/10/03 14:05:34, 5] rpc_parse/parse_misc.c:init_clnt_info2(1501) make_clnt_info: 1501 [2005/10/03 14:05:34, 5] rpc_parse/parse_misc.c:init_clnt_srv(1346) init_clnt_srv: 1346 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_sam_logon [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_sam_info [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_clnt_info2 [2005/10/03 14:05:34, 8] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_clnt_srv [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer : 00000001 [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000007 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000007 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.S.R.V.2... 
[2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 undoc_buffer2: 00000001 [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unistr2 unistr2 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 uni_max_len: 0000000a [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c uni_str_len: 0000000a [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0030 buffer : A.R.K.A.D.Y.L.I.N... [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 ptr_cred: 00000001 [2005/10/03 14:05:34, 8] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_cred [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_chal [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0048 data: a4 14 04 da 07 1d dc 99 [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_utime [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 time: 43419d1e [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 ptr_rtn_cred : 00000001 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_cred [2005/10/03 14:05:34, 8] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_chal [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0058 data: 00 00 00 00 00 00 00 00 [2005/10/03 14:05:34, 8] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_utime [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0060 time: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0064 logon_level : 0002 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000066 smb_io_sam_info logon_info [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0066 switch_value : 0002 [2005/10/03 14:05:34, 8] rpc_parse/parse_prs.c:prs_debug(82) 000068 net_io_id_info2 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0068 
ptr_id_info2: 00000001 [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 00006c smb_io_unihdr unihdr [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006c uni_str_len: 0008 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006e uni_max_len: 0008 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0070 buffer : 00000001 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0074 param_ctrl: 00000000 [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 000078 smb_io_logon_id [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0078 low : 0000dead [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 007c high: 0000beef [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 000080 smb_io_unihdr unihdr [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0080 uni_str_len: 000e [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0082 uni_max_len: 000e [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0084 buffer : 00000001 [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 000088 smb_io_unihdr unihdr [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0088 uni_str_len: 0016 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 008a uni_max_len: 0016 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 008c buffer : 00000001 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0090 lm_chal: 72 69 0e 3a 96 03 37 39 [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 000098 smb_io_strhdr hdr_nt_chal_resp [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0098 str_str_len: 0018 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009a str_max_len: 0018 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 009c buffer : 00000001 [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000a0 smb_io_strhdr hdr_lm_chal_resp [2005/10/03 14:05:34, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) 00a0 str_str_len: 0018 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00a2 str_max_len: 0018 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a4 buffer : 00000001 [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000a8 smb_io_unistr2 uni_domain_name [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a8 uni_max_len: 00000004 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ac offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b0 uni_str_len: 00000004 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00b4 buffer : C.O.R.P. [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000bc smb_io_unistr2 uni_user_name [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00bc uni_max_len: 00000007 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c0 offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c4 uni_str_len: 00000007 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00c8 buffer : a.g.l.a.b.e.k. [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000d6 smb_io_unistr2 uni_wksta_name [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d8 uni_max_len: 0000000b [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00dc offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e0 uni_str_len: 0000000b [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00e4 buffer : \.\.A.R.K.A.D.Y.L.I.N. 
[2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000fa smb_io_string2 nt_chal_resp [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00fc str_max_len: 00000018 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0100 offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0104 str_str_len: 00000018 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_string2(1001) 0108 buffer : ...$.B<..L....." -.0..8# [2005/10/03 14:05:34, 9] rpc_parse/parse_prs.c:prs_debug(82) 000120 smb_io_string2 lm_chal_resp [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0120 str_max_len: 00000018 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0124 offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0128 str_str_len: 00000018 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_string2(1001) 012c buffer : .Y..Z.b.=..#....z......Q [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0144 validation_level: 0003 [2005/10/03 14:05:34, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0x2 data_len: 0x15e [2005/10/03 14:05:34, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 15e auth_len: 0 alloc_hint: 14e [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 
pack_type3: 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 015e [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000d [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 0000014e [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 0002 [2005/10/03 14:05:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8002 [2005/10/03 14:05:34, 5] lib/util.c:show_msg(454) [2005/10/03 14:05:34, 5] lib/util.c:show_msg(464) size=432 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=21 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 350 (0x15E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 350 (0x15E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=365 [2005/10/03 14:05:34, 10] lib/util.c:dump_data(2053)
[2005/10/03 14:05:34, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 38 [2005/10/03 14:05:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 14:05:34, 10] lib/util.c:dump_data(2053) [000] 5D 83 56 93 CF 04 D3 3A ].V....: [2005/10/03 14:05:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 39 mid = 21 [2005/10/03 14:05:34, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,436) [2005/10/03 14:05:34, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,436) wrote 436 [2005/10/03 14:05:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 39 mid = 21 [2005/10/03 14:05:34, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 21, reply_seq_num = 39, send_seq_num = 38 data->send_seq_num = 40 [2005/10/03 14:05:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 424 [2005/10/03 14:05:34, 5] lib/util.c:show_msg(454) [2005/10/03 14:05:34, 5] lib/util.c:show_msg(464) size=424 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 368 (0x170) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 368 (0x170) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=369 [2005/10/03 14:05:34, 10] lib/util.c:dump_data(2053)
[2005/10/03 14:05:34, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 39 [2005/10/03 14:05:34, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 39: got good SMB signature of [2005/10/03 14:05:34, 10] lib/util.c:dump_data(2053) [000] D6 0D A6 E0 B1 DB D4 2E ........ 
[2005/10/03 14:05:34, 5] lib/util.c:show_msg(454) [2005/10/03 14:05:34, 5] lib/util.c:show_msg(464) size=424 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 368 (0x170) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 368 (0x170) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=369 [2005/10/03 14:05:34, 10] lib/util.c:dump_data(2053)
[2005/10/03 14:05:34, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 21, reply_seq_num = 39, send_seq_num = 38 data->send_seq_num = 40 [2005/10/03 14:05:34, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 368 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0170 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000d [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000158 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 14:05:34, 5] 
rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 368 [2005/10/03 14:05:34, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_sam_logon [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 buffer_creds: 00020000 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_cred [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_chal [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001c data: 23 6d ea 79 a4 92 f5 b1 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_utime [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 time: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 switch_value: 0003 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002c net_io_user_info3 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c ptr_user_info : 00020004 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_time logon time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 low : 3349b2ec [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 high: 01c5c84b [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_time logoff time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 low : ffffffff [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c high: 7fffffff [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_time kickoff time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 low : ffffffff [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 high: 7fffffff [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_time last set time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0048 
low : 0f3c75de [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c high: 01c5c85e [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_time can change time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 low : 39a635de [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 high: 01c5c927 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_time must change time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0058 low : 0f3c75de [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 005c high: 01c5ea1e [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_unihdr hdr_user_name [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0060 uni_str_len: 000e [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0062 uni_max_len: 0010 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 buffer : 00020008 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_unihdr hdr_full_name [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0068 uni_str_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006a uni_max_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 006c buffer : 00000000 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000070 smb_io_unihdr hdr_logon_script [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0070 uni_str_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0072 uni_max_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0074 buffer : 00000000 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000078 smb_io_unihdr hdr_profile_path [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0078 uni_str_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 007a uni_max_len: 0000 [2005/10/03 14:05:34, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 007c buffer : 00000000 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000080 smb_io_unihdr hdr_home_dir [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0080 uni_str_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0082 uni_max_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0084 buffer : 00000000 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000088 smb_io_unihdr hdr_dir_drive [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0088 uni_str_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 008a uni_max_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 008c buffer : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0090 logon_count : 0099 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0092 bad_pw_count : 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0094 user_rid : 000005b6 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0098 group_rid : 00000201 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 009c num_groups : 00000001 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a0 buffer_groups : 0002000c [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a4 user_flgs : 00000120 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 00a8 user_sess_key: 10 ad f6 04 f6 df 39 b8 62 29 00 28 cc c8 fb cb [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000b8 smb_io_unihdr hdr_logon_srv [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00b8 uni_str_len: 0008 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00ba uni_max_len: 000a [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00bc buffer : 00020010 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000c0 smb_io_unihdr hdr_logon_dom [2005/10/03 14:05:34, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) 00c0 uni_str_len: 0008 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00c2 uni_max_len: 000a [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c4 buffer : 00020014 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c8 buffer_dom_id : 00020018 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 00cc lm_sess_key: 17 af 42 c9 cf d8 42 5a [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d4 acct_flags : 00000010 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d8 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00dc unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e0 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e4 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e8 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ec unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f0 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f4 num_other_sids: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f8 buffer_other_sids: 00000000 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000fc smb_io_unistr2 uni_user_name [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00fc uni_max_len: 00000008 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0100 offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0104 uni_str_len: 00000007 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0108 buffer : a.g.l.a.b.e.k. 
[2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000116 smb_io_unistr2 - NULL uni_full_name [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000116 smb_io_unistr2 - NULL uni_logon_script [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000116 smb_io_unistr2 - NULL uni_profile_path [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000116 smb_io_unistr2 - NULL uni_home_dir [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000116 smb_io_unistr2 - NULL uni_dir_drive [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0118 num_groups2 : 00000001 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 00011c smb_io_gid [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 011c g_rid: 00000201 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0120 attr : 00000007 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000124 smb_io_unistr2 uni_logon_srv [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0124 uni_max_len: 00000005 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0128 offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 012c uni_str_len: 00000004 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0130 buffer : S.R.V.2. [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000138 smb_io_unistr2 uni_logon_dom [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0138 uni_max_len: 00000005 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 013c offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0140 uni_str_len: 00000004 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0144 buffer : C.O.R.P. 
[2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 00014c smb_io_dom_sid2 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 014c num_auths: 00000004 [2005/10/03 14:05:34, 8] rpc_parse/parse_prs.c:prs_debug(82) 000150 smb_io_dom_sid sid [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0150 sid_rev_num: 01 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0151 num_auths : 04 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0152 id_auth[0] : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0153 id_auth[1] : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0154 id_auth[2] : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0155 id_auth[3] : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0156 id_auth[4] : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0157 id_auth[5] : 05 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0158 sub_auths : 00000015 18eb6a06 46febb5a 83477fa8 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0168 auth_resp : 00000001 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 016c status : NT_STATUS_OK [2005/10/03 14:05:34, 5] libsmb/credentials.c:clnt_deal_with_creds(148) clnt_deal_with_creds: 148 [2005/10/03 14:05:34, 4] libsmb/credentials.c:cred_create(90) cred_create [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_create(92) sess_key : B2F58CBF3DC290C6 [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_create(93) stor_cred: 0E3BBE0E19A8FAE7 [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_create(94) timestamp: 43419d1f [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_create(95) timecred : 2DD8FF5119A8FAE7 [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_create(96) calc_cred: 236DEA79A492F5B1 [2005/10/03 14:05:34, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_assert(123) challenge : 
236DEA79A492F5B1 [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_assert(124) calculated: 236DEA79A492F5B1 [2005/10/03 14:05:34, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2005/10/03 14:05:34, 5] libsmb/credentials.c:clnt_deal_with_creds(167) new clnt cred: 2DD8FF5119A8FAE7 [2005/10/03 14:05:34, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(133) netsamlogon_cache_store: SID [S-1-5-21-418081286-1191099226-2202501032-1462] [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 timestamp: 43419d1e [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_debug(82) 000004 net_io_user_info3 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr_user_info : 00020004 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_time logon time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 low : 3349b2ec [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c high: 01c5c84b [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_time logoff time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 low : ffffffff [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 high: 7fffffff [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_time kickoff time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 low : ffffffff [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c high: 7fffffff [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_time last set time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 low : 0f3c75de [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 high: 01c5c85e [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000028 smb_io_time can change time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 low : 39a635de [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 
002c high: 01c5c927 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_time must change time [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 low : 0f3c75de [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 high: 01c5ea1e [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_unihdr hdr_user_name [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0038 uni_str_len: 000e [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003a uni_max_len: 0010 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c buffer : 00020008 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_unihdr hdr_full_name [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0040 uni_str_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0042 uni_max_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 buffer : 00000000 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_unihdr hdr_logon_script [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0048 uni_str_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 004a uni_max_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 004c buffer : 00000000 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_unihdr hdr_profile_path [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0050 uni_str_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0052 uni_max_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 buffer : 00000000 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_unihdr hdr_home_dir [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0058 uni_str_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 005a uni_max_len: 0000 [2005/10/03 14:05:34, 5] 
rpc_parse/parse_prs.c:prs_uint32(669) 005c buffer : 00000000 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_unihdr hdr_dir_drive [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0060 uni_str_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0062 uni_max_len: 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 buffer : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0068 logon_count : 0099 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006a bad_pw_count : 0000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 006c user_rid : 000005b6 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0070 group_rid : 00000201 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0074 num_groups : 00000001 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0078 buffer_groups : 0002000c [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 007c user_flgs : 00000120 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0080 user_sess_key: e2 2e 18 aa 78 9d e1 c0 05 a5 54 4c fb c5 01 df [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000090 smb_io_unihdr hdr_logon_srv [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0090 uni_str_len: 0008 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0092 uni_max_len: 000a [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0094 buffer : 00020010 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000098 smb_io_unihdr hdr_logon_dom [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0098 uni_str_len: 0008 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009a uni_max_len: 000a [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 009c buffer : 00020014 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a0 buffer_dom_id : 00020018 [2005/10/03 14:05:34, 5] 
rpc_parse/parse_prs.c:prs_uint8s(756) 00a4 lm_sess_key: e5 2c ac 67 41 9a 9a 22 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ac acct_flags : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b0 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b4 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b8 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00bc unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c0 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c4 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c8 unkown: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00cc num_other_sids: 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d0 buffer_other_sids: 00000000 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000d4 smb_io_unistr2 uni_user_name [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d4 uni_max_len: 00000008 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d8 offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00dc uni_str_len: 00000007 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00e0 buffer : a.g.l.a.b.e.k. 
[2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000ee smb_io_unistr2 - NULL uni_full_name [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000ee smb_io_unistr2 - NULL uni_logon_script [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000ee smb_io_unistr2 - NULL uni_profile_path [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000ee smb_io_unistr2 - NULL uni_home_dir [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000ee smb_io_unistr2 - NULL uni_dir_drive [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f0 num_groups2 : 00000001 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000f4 smb_io_gid [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f4 g_rid: 00000201 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f8 attr : 00000007 [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000fc smb_io_unistr2 uni_logon_srv [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00fc uni_max_len: 00000005 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0100 offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0104 uni_str_len: 00000004 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0108 buffer : S.R.V.2. [2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000110 smb_io_unistr2 uni_logon_dom [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0110 uni_max_len: 00000005 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0114 offset : 00000000 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0118 uni_str_len: 00000004 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 011c buffer : C.O.R.P. 
[2005/10/03 14:05:34, 6] rpc_parse/parse_prs.c:prs_debug(82) 000124 smb_io_dom_sid2 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0124 num_auths: 00000004 [2005/10/03 14:05:34, 7] rpc_parse/parse_prs.c:prs_debug(82) 000128 smb_io_dom_sid sid [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0128 sid_rev_num: 01 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0129 num_auths : 04 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012a id_auth[0] : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012b id_auth[1] : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012c id_auth[2] : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012d id_auth[3] : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012e id_auth[4] : 00 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint8(580) 012f id_auth[5] : 05 [2005/10/03 14:05:34, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0130 sub_auths : 00000015 18eb6a06 46febb5a 83477fa8 [2005/10/03 14:05:34, 10] libsmb/samlogon_cache.c:netsamlogon_clear_cached_user(86) netsamlogon_clear_cached_user: clearing U/CORP/1462 [2005/10/03 14:05:34, 10] libsmb/samlogon_cache.c:netsamlogon_clear_cached_user(97) netsamlogon_clear_cached_user: clearing UG/CORP/1462 [2005/10/03 14:05:34, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(795) NTLM CRAP authentication for user [CORP]\[aglabek] returned NT_STATUS_OK (PAM: 0) [2005/10/03 14:05:34, 10] nsswitch/winbindd_cache.c:cache_store_response(1656) Storing response for pid 2470, len 1300 [2005/10/03 14:05:40, 4] nsswitch/winbindd_dual.c:fork_domain_child(527) child daemon request 13 [2005/10/03 14:05:40, 10] nsswitch/winbindd_dual.c:child_process_request(403) process_request: request fn AUTH_CRAP [2005/10/03 14:05:40, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(604) [ 2469]: pam auth crap domain: CORP user: aglabek [2005/10/03 14:05:40, 8] lib/util.c:is_myname(1874) 
is_myname("CORP") returns 0 [2005/10/03 14:05:40, 4] libsmb/credentials.c:cred_create(90) cred_create [2005/10/03 14:05:40, 5] libsmb/credentials.c:cred_create(92) sess_key : B2F58CBF3DC290C6 [2005/10/03 14:05:40, 5] libsmb/credentials.c:cred_create(93) stor_cred: 2DD8FF5119A8FAE7 [2005/10/03 14:05:40, 5] libsmb/credentials.c:cred_create(94) timestamp: 43419d24 [2005/10/03 14:05:40, 5] libsmb/credentials.c:cred_create(95) timecred : 5175419519A8FAE7 [2005/10/03 14:05:40, 5] libsmb/credentials.c:cred_create(96) calc_cred: 262A855C58A70390 [2005/10/03 14:05:40, 5] rpc_parse/parse_net.c:init_id_info2(1178) init_id_info2: 1178 [2005/10/03 14:05:40, 5] rpc_parse/parse_misc.c:init_logon_id(1586) make_logon_id: 1586 [2005/10/03 14:05:40, 5] rpc_parse/parse_net.c:init_sam_info(1272) init_sam_info: 1272 [2005/10/03 14:05:40, 5] rpc_parse/parse_misc.c:init_clnt_info2(1501) make_clnt_info: 1501 [2005/10/03 14:05:40, 5] rpc_parse/parse_misc.c:init_clnt_srv(1346) init_clnt_srv: 1346 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_sam_logon [2005/10/03 14:05:40, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_sam_info [2005/10/03 14:05:40, 7] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_clnt_info2 [2005/10/03 14:05:40, 8] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_clnt_srv [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer : 00000001 [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000007 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000007 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : \.\.S.R.V.2... 
[2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 undoc_buffer2: 00000001 [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unistr2 unistr2 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 uni_max_len: 0000000a [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 offset : 00000000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c uni_str_len: 0000000a [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0030 buffer : A.R.K.A.D.Y.L.I.N... [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0044 ptr_cred: 00000001 [2005/10/03 14:05:40, 8] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_cred [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_chal [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0048 data: 26 2a 85 5c 58 a7 03 90 [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_utime [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 time: 43419d24 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 ptr_rtn_cred : 00000001 [2005/10/03 14:05:40, 7] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_cred [2005/10/03 14:05:40, 8] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_chal [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0058 data: 00 00 00 00 00 00 00 00 [2005/10/03 14:05:40, 8] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_utime [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0060 time: 00000000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0064 logon_level : 0002 [2005/10/03 14:05:40, 7] rpc_parse/parse_prs.c:prs_debug(82) 000066 smb_io_sam_info logon_info [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0066 switch_value : 0002 [2005/10/03 14:05:40, 8] rpc_parse/parse_prs.c:prs_debug(82) 000068 net_io_id_info2 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0068 
ptr_id_info2: 00000001 [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 00006c smb_io_unihdr unihdr [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006c uni_str_len: 0008 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 006e uni_max_len: 0008 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0070 buffer : 00000001 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0074 param_ctrl: 00000000 [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 000078 smb_io_logon_id [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0078 low : 0000dead [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 007c high: 0000beef [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 000080 smb_io_unihdr unihdr [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0080 uni_str_len: 000e [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0082 uni_max_len: 000e [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0084 buffer : 00000001 [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 000088 smb_io_unihdr unihdr [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0088 uni_str_len: 0016 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 008a uni_max_len: 0016 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 008c buffer : 00000001 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0090 lm_chal: fa a5 51 8a 3b ad 26 cd [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 000098 smb_io_strhdr hdr_nt_chal_resp [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0098 str_str_len: 0018 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009a str_max_len: 0018 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 009c buffer : 00000001 [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000a0 smb_io_strhdr hdr_lm_chal_resp [2005/10/03 14:05:40, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) 00a0 str_str_len: 0018 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 00a2 str_max_len: 0018 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a4 buffer : 00000001 [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000a8 smb_io_unistr2 uni_domain_name [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a8 uni_max_len: 00000004 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00ac offset : 00000000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00b0 uni_str_len: 00000004 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00b4 buffer : C.O.R.P. [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000bc smb_io_unistr2 uni_user_name [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00bc uni_max_len: 00000007 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c0 offset : 00000000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00c4 uni_str_len: 00000007 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00c8 buffer : a.g.l.a.b.e.k. [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000d6 smb_io_unistr2 uni_wksta_name [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00d8 uni_max_len: 0000000b [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00dc offset : 00000000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00e0 uni_str_len: 0000000b [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 00e4 buffer : \.\.A.R.K.A.D.Y.L.I.N. 
[2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 0000fa smb_io_string2 nt_chal_resp [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00fc str_max_len: 00000018 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0100 offset : 00000000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0104 str_str_len: 00000018 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_string2(1001) 0108 buffer : ....\*....A.....@QVUD.(. [2005/10/03 14:05:40, 9] rpc_parse/parse_prs.c:prs_debug(82) 000120 smb_io_string2 lm_chal_resp [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0120 str_max_len: 00000018 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0124 offset : 00000000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0128 str_str_len: 00000018 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_string2(1001) 012c buffer : .1....n.sVd..).O.._K.... [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0144 validation_level: 0003 [2005/10/03 14:05:40, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0x2 data_len: 0x15e [2005/10/03 14:05:40, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 15e auth_len: 0 alloc_hint: 14e [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 
pack_type3: 00 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 015e [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000e [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 0000014e [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 0002 [2005/10/03 14:05:40, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8002 [2005/10/03 14:05:40, 5] lib/util.c:show_msg(454) [2005/10/03 14:05:40, 5] lib/util.c:show_msg(464) size=432 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=22 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 350 (0x15E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 350 (0x15E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=365 [2005/10/03 14:05:40, 10] lib/util.c:dump_data(2053)
[2005/10/03 14:05:40, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 40 [2005/10/03 14:05:40, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 14:05:40, 10] lib/util.c:dump_data(2053) [000] 27 E4 D2 67 ED 62 ED 67 '..g.b.g [2005/10/03 14:05:40, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 41 mid = 22 [2005/10/03 14:05:40, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,436) [2005/10/03 14:05:40, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,436) wrote 436 [2005/10/03 14:05:40, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 41 mid = 22 [2005/10/03 14:05:40, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 22, reply_seq_num = 41, send_seq_num = 40 data->send_seq_num = 42 [2005/10/03 14:05:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 112 [2005/10/03 14:05:40, 5] lib/util.c:show_msg(454) [2005/10/03 14:05:40, 5] lib/util.c:show_msg(464) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2005/10/03 14:05:40, 10] lib/util.c:dump_data(2053) [000] 5E 05 00 02 03 10 00 00 00 38 00 00 00 0E 00 00 ^....... .8...... [010] 00 20 00 00 00 00 00 00 00 00 00 02 00 19 0E 68 . ...... .......h [020] 26 C1 93 42 FA 00 00 00 00 03 00 00 00 00 00 00 &..B.... ........ [030] 00 01 00 00 00 6A 00 00 C0 .....j.. . 
[2005/10/03 14:05:40, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 41 [2005/10/03 14:05:40, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 41: got good SMB signature of [2005/10/03 14:05:40, 10] lib/util.c:dump_data(2053) [000] 44 57 48 C6 C9 DD 1B FC DWH..... [2005/10/03 14:05:40, 5] lib/util.c:show_msg(454) [2005/10/03 14:05:40, 5] lib/util.c:show_msg(464) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2005/10/03 14:05:40, 10] lib/util.c:dump_data(2053) [000] 5E 05 00 02 03 10 00 00 00 38 00 00 00 0E 00 00 ^....... .8...... [010] 00 20 00 00 00 00 00 00 00 00 00 02 00 19 0E 68 . ...... .......h [020] 26 C1 93 42 FA 00 00 00 00 03 00 00 00 00 00 00 &..B.... ........ [030] 00 01 00 00 00 6A 00 00 C0 .....j.. . 
[2005/10/03 14:05:40, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 22, reply_seq_num = 41, send_seq_num = 40 data->send_seq_num = 42 [2005/10/03 14:05:40, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 56 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0038 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000e [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000020 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 14:05:40, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 56 [2005/10/03 14:05:40, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
net_io_r_sam_logon [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 buffer_creds: 00020000 [2005/10/03 14:05:40, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_cred [2005/10/03 14:05:40, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_chal [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001c data: 19 0e 68 26 c1 93 42 fa [2005/10/03 14:05:40, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_utime [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 time: 00000000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 switch_value: 0003 [2005/10/03 14:05:40, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002c net_io_user_info3 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c ptr_user_info : 00000000 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 auth_resp : 00000001 [2005/10/03 14:05:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0034 status : NT_STATUS_WRONG_PASSWORD [2005/10/03 14:05:40, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(795) NTLM CRAP authentication for user [CORP]\[aglabek] returned NT_STATUS_WRONG_PASSWORD (PAM: 7) [2005/10/03 14:06:26, 4] nsswitch/winbindd_dual.c:fork_domain_child(527) child daemon request 17 [2005/10/03 14:06:26, 10] nsswitch/winbindd_dual.c:child_process_request(403) process_request: request fn LIST_TRUSTDOM [2005/10/03 14:06:26, 3] nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_domains(124) [ 2469]: list trusted domains [2005/10/03 14:06:26, 10] nsswitch/winbindd_cache.c:trusted_domains(1548) trusted_domains: [Cached] - doing backend query for info for domain CORP [2005/10/03 14:06:26, 3] nsswitch/winbindd_ads.c:trusted_domains(816) ads: trusted_domains [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 ds_io_q_enum_domain_trusts [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 server_ptr: 00000001 [2005/10/03 14:06:26, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 
smb_io_unistr2 server [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000005 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000005 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : S.R.V.2... [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c flags: 00000003 [2005/10/03 14:06:26, 5] rpc_client/cli_pipe.c:create_rpc_request(865) create_rpc_request: opnum: 0x28 data_len: 0x38 [2005/10/03 14:06:26, 10] rpc_client/cli_pipe.c:create_rpc_request(882) create_rpc_request: data_len: 38 auth_len: 0 alloc_hint: 28 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0038 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000f [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000028 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 14:06:26, 5] 
rpc_parse/parse_prs.c:prs_uint16(640) 0016 opnum : 0028 [2005/10/03 14:06:26, 5] rpc_client/cli_pipe.c:rpc_api_pipe(423) rpc_api_pipe: fnum:8002 [2005/10/03 14:06:26, 5] lib/util.c:show_msg(454) [2005/10/03 14:06:26, 5] lib/util.c:show_msg(464) size=138 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 56 (0x38) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32770 (0x8002) smb_bcc=71 [2005/10/03 14:06:26, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 38 00 00 00 0F 00 00 00 28 .......8 .......( [020] 00 00 00 00 00 28 00 01 00 00 00 05 00 00 00 00 .....(.. ........ [030] 00 00 00 05 00 00 00 53 00 52 00 56 00 32 00 00 .......S .R.V.2.. [040] 00 00 00 03 00 00 00 ....... [2005/10/03 14:06:26, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 42 [2005/10/03 14:06:26, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340) client_sign_outgoing_message: sent SMB signature of [2005/10/03 14:06:26, 10] lib/util.c:dump_data(2053) [000] C1 04 6D 81 FC B1 33 A8 ..m...3. 
[2005/10/03 14:06:26, 10] libsmb/smb_signing.c:store_sequence_for_reply(74) store_sequence_for_reply: stored seq = 43 mid = 23 [2005/10/03 14:06:26, 6] libsmb/clientgen.c:write_socket(132) write_socket(5,142) [2005/10/03 14:06:26, 6] libsmb/clientgen.c:write_socket(135) write_socket(5,142) wrote 142 [2005/10/03 14:06:26, 10] libsmb/smb_signing.c:get_sequence_for_reply(87) get_sequence_for_reply: found seq = 43 mid = 23 [2005/10/03 14:06:26, 10] libsmb/smb_signing.c:cli_signing_trans_start(537) cli_signing_trans_start: storing mid = 23, reply_seq_num = 43, send_seq_num = 42 data->send_seq_num = 44 [2005/10/03 14:06:26, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 240 [2005/10/03 14:06:26, 5] lib/util.c:show_msg(454) [2005/10/03 14:06:26, 5] lib/util.c:show_msg(464) size=240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 184 (0xB8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=185 [2005/10/03 14:06:26, 10] lib/util.c:dump_data(2053) [000] 38 05 00 02 03 10 00 00 00 B8 00 00 00 0F 00 00 8....... ........ [010] 00 A0 00 00 00 00 00 00 00 01 00 00 00 00 00 02 ........ ........ [020] 00 01 00 00 00 04 00 02 00 08 00 02 00 1D 00 00 ........ ........ [030] 00 00 00 00 00 02 00 00 00 00 00 00 00 0C 00 02 ........ ........ [040] 00 BD 18 DF 19 F4 F2 3A 45 82 FD 63 B0 2C 89 6A .......: E..c.,.j [050] E1 05 00 00 00 00 00 00 00 05 00 00 00 43 00 4F ........ .....C.O [060] 00 52 00 50 00 00 00 47 83 12 00 00 00 00 00 00 .R.P...G ........ [070] 00 12 00 00 00 63 00 6F 00 72 00 70 00 2E 00 63 .....c.o .r.p...c [080] 00 65 00 6E 00 74 00 65 00 72 00 69 00 73 00 2E .e.n.t.e .r.i.s.. [090] 00 63 00 6F 00 6D 00 00 00 04 00 00 00 01 04 00 .c.o.m.. ........ 
[0A0] 00 00 00 00 05 15 00 00 00 06 6A EB 18 5A BB FE ........ ..j..Z.. [0B0] 46 A8 7F 47 83 00 00 00 00 F..G.... . [2005/10/03 14:06:26, 10] libsmb/smb_signing.c:simple_packet_signature(270) simple_packet_signature: sequence number 43 [2005/10/03 14:06:26, 10] libsmb/smb_signing.c:client_check_incoming_message(416) client_check_incoming_message: seq 43: got good SMB signature of [2005/10/03 14:06:26, 10] lib/util.c:dump_data(2053) [000] C5 EC C0 4C D2 7C C8 6B ...L.|.k [2005/10/03 14:06:26, 5] lib/util.c:show_msg(454) [2005/10/03 14:06:26, 5] lib/util.c:show_msg(464) size=240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=36864 smb_pid=2470 smb_uid=2048 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 184 (0xB8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=185 [2005/10/03 14:06:26, 10] lib/util.c:dump_data(2053) [000] 38 05 00 02 03 10 00 00 00 B8 00 00 00 0F 00 00 8....... ........ [010] 00 A0 00 00 00 00 00 00 00 01 00 00 00 00 00 02 ........ ........ [020] 00 01 00 00 00 04 00 02 00 08 00 02 00 1D 00 00 ........ ........ [030] 00 00 00 00 00 02 00 00 00 00 00 00 00 0C 00 02 ........ ........ [040] 00 BD 18 DF 19 F4 F2 3A 45 82 FD 63 B0 2C 89 6A .......: E..c.,.j [050] E1 05 00 00 00 00 00 00 00 05 00 00 00 43 00 4F ........ .....C.O [060] 00 52 00 50 00 00 00 47 83 12 00 00 00 00 00 00 .R.P...G ........ [070] 00 12 00 00 00 63 00 6F 00 72 00 70 00 2E 00 63 .....c.o .r.p...c [080] 00 65 00 6E 00 74 00 65 00 72 00 69 00 73 00 2E .e.n.t.e .r.i.s.. [090] 00 63 00 6F 00 6D 00 00 00 04 00 00 00 01 04 00 .c.o.m.. ........ [0A0] 00 00 00 00 05 15 00 00 00 06 6A EB 18 5A BB FE ........ ..j..Z.. [0B0] 46 A8 7F 47 83 00 00 00 00 F..G.... . 
[2005/10/03 14:06:26, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556) cli_signing_trans_stop: freeing mid = 23, reply_seq_num = 43, send_seq_num = 42 data->send_seq_num = 44 [2005/10/03 14:06:26, 5] rpc_client/cli_pipe.c:rpc_check_hdr(136) rpc_check_hdr: rdata->data_size = 184 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 00b8 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 0000000f [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 000000a0 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/10/03 14:06:26, 5] rpc_client/cli_pipe.c:rpc_api_pipe(499) rpc_api_pipe: len left: 0 smbtrans read: 184 [2005/10/03 14:06:26, 6] rpc_client/cli_pipe.c:rpc_api_pipe(541) rpc_api_pipe: fragment first and last both set [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 
ds_io_r_enum_domain_trusts [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_domains: 00000001 [2005/10/03 14:06:26, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c ds_io_dom_trusts_ctr domains [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c ptr: 00020000 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 max_count: 00000001 [2005/10/03 14:06:26, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 ds_io_dom_trusts_ctr domain_trusts [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 netbios_ptr: 00020004 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 dns_ptr: 00020008 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c flags: 0000001d [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 parent_index: 00000000 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 trust_type: 00000002 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0038 trust_attributes: 00000000 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 003c sid_ptr: 0002000c [2005/10/03 14:06:26, 8] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_uuid guid [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 data : 19df18bd [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0044 data : f2f4 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0046 data : 453a [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0048 data : 82 fd [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 004a data : 63 b0 2c 89 6a e1 [2005/10/03 14:06:26, 7] rpc_parse/parse_prs.c:prs_debug(82) 000050 smb_io_unistr2 netbios_domain [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0050 uni_max_len: 00000005 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0054 offset : 00000000 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0058 uni_str_len: 00000005 [2005/10/03 14:06:26, 5] 
rpc_parse/parse_prs.c:dbg_rw_punival(841) 005c buffer : C.O.R.P... [2005/10/03 14:06:26, 7] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_unistr2 dns_domain [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0068 uni_max_len: 00000012 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 006c offset : 00000000 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0070 uni_str_len: 00000012 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0074 buffer : c.o.r.p...c.e.n.t.e.r.i.s...c.o.m... [2005/10/03 14:06:26, 7] rpc_parse/parse_prs.c:prs_debug(82) 000098 smb_io_dom_sid2 sid [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0098 num_auths: 00000004 [2005/10/03 14:06:26, 8] rpc_parse/parse_prs.c:prs_debug(82) 00009c smb_io_dom_sid sid [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009c sid_rev_num: 01 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009d num_auths : 04 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009e id_auth[0] : 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009f id_auth[1] : 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a0 id_auth[2] : 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a1 id_auth[3] : 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a2 id_auth[4] : 00 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a3 id_auth[5] : 05 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00a4 sub_auths : 00000015 18eb6a06 46febb5a 83477fa8 [2005/10/03 14:06:26, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 00b4 status: NT_STATUS_OK [2005/10/03 14:06:26, 10] nsswitch/winbindd_cache.c:cache_store_response(1656) Storing response for pid 2470, len 1364 [2005/10/03 14:06:26, 10] nsswitch/winbindd_cache.c:cache_store_response(1670) Storing extra data: len=64