get_current_groups: user is in 3 groups: 0, 1, 3 smbd version Samba for GuardianOS v2.6.013.200308291451 started. Copyright Andrew Tridgell and the Samba Team 1992-2003 uid=0 gid=0 euid=0 egid=0 Build environment: Built by: root@BuildSys Built on: Fri Aug 29 15:04:06 PDT 2003 Built using: gcc Build host: Linux BuildSys 2.4.18-3smp #1 SMP Thu Apr 18 06:59:55 EDT 2002 i686 athlon i386 GNU/Linux SRCDIR: /trinity/samba/samba/source BUILDDIR: /trinity/samba/samba/source Paths: SBINDIR: /bin BINDIR: /bin SWATDIR: /usr/swat CONFIGFILE: /etc/smb.conf LOGFILEBASE: /var/log/samba LMHOSTSFILE: /etc/lmhosts LIBDIR: /etc SHLIBEXT: so LOCKDIR: /var/lock/samba PIDDIR: /var/log/samba/locks SMB_PASSWD_FILE: /etc/private/smbpasswd PRIVATE_DIR: /etc/private System Headers: HAVE_SYS_ACL_H HAVE_SYS_CDEFS_H HAVE_SYS_FCNTL_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_MMAN_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_QUOTA_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_STATFS_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSLOG_H HAVE_SYS_TIME_H HAVE_SYS_TYPES_H HAVE_SYS_UNISTD_H HAVE_SYS_VFS_H HAVE_SYS_WAIT_H Headers: HAVE_ARPA_INET_H HAVE_ASM_TYPES_H HAVE_ATTR_XATTR_H HAVE_COM_ERR_H HAVE_CTYPE_H HAVE_DIRENT_H HAVE_DLFCN_H HAVE_FCNTL_H HAVE_GLOB_H HAVE_GRP_H HAVE_GSSAPI_GSSAPI_GENERIC_H HAVE_GSSAPI_GSSAPI_H HAVE_INTTYPES_H HAVE_KRB5_H HAVE_LANGINFO_H HAVE_LASTLOG_H HAVE_LBER_H HAVE_LDAP_H HAVE_LIMITS_H HAVE_LINUX_DQBLK_XFS_H HAVE_LINUX_QUOTA_H HAVE_LINUX_XQM_H HAVE_LOCALE_H HAVE_MEMORY_H HAVE_MNTENT_H HAVE_NETINET_IN_SYSTM_H HAVE_NETINET_IP_H HAVE_NETINET_TCP_H HAVE_NET_IF_H HAVE_NSS_H HAVE_POLL_H HAVE_READLINE_HISTORY_H HAVE_READLINE_READLINE_H HAVE_RPCSVC_NIS_H HAVE_RPCSVC_YPCLNT_H HAVE_RPCSVC_YP_PROT_H HAVE_RPC_RPC_H HAVE_SECURITY_PAM_APPL_H HAVE_SECURITY_PAM_MODULES_H HAVE_SECURITY__PAM_MACROS_H HAVE_SHADOW_H HAVE_STDARG_H HAVE_STDINT_H HAVE_STDLIB_H HAVE_STRINGS_H HAVE_STRING_H HAVE_STROPTS_H HAVE_SYSCALL_H HAVE_SYSLOG_H HAVE_TERMIOS_H HAVE_TERMIO_H HAVE_UNISTD_H HAVE_UTIME_H UTMP Options: HAVE_GETUTMPX HAVE_UTMPX_H HAVE_UTMP_H HAVE_UT_UT_ADDR HAVE_UT_UT_EXIT HAVE_UT_UT_HOST HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TV HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP WITH_UTMP HAVE_* Defines: HAVE_ADDRTYPE_IN_KRB5_ADDRESS HAVE_ASPRINTF HAVE_ASPRINTF_DECL HAVE_ATEXIT HAVE_BACKTRACE_SYMBOLS HAVE_BER_SCANF HAVE_BZERO HAVE_C99_VSNPRINTF HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_CONNECT HAVE_CREAT64 HAVE_CRYPT HAVE_DEVICE_MAJOR_FN HAVE_DEVICE_MINOR_FN HAVE_DIRENT_D_OFF HAVE_DLCLOSE HAVE_DLERROR HAVE_DLOPEN HAVE_DLSYM HAVE_DUP2 HAVE_ENDMNTENT HAVE_ENDNETGRENT HAVE_ERRNO_DECL HAVE_EXECL HAVE_EXPLICIT_LARGEFILE_SUPPORT HAVE_FCHMOD HAVE_FCHOWN HAVE_FCNTL_LOCK HAVE_FCVT HAVE_FGETXATTR HAVE_FLISTXATTR HAVE_FOPEN64 HAVE_FREMOVEXATTR HAVE_FSEEKO64 HAVE_FSETXATTR HAVE_FSTAT HAVE_FSTAT64 HAVE_FSYNC HAVE_FTELLO64 HAVE_FTRUNCATE HAVE_FTRUNCATE64 HAVE_FTRUNCATE_EXTEND HAVE_FUNCTION_MACRO HAVE_GETCWD HAVE_GETDIRENTRIES HAVE_GETGRENT HAVE_GETGRNAM HAVE_GETMNTENT HAVE_GETNETGRENT HAVE_GETRLIMIT HAVE_GETSPNAM HAVE_GETTIMEOFDAY_TZ HAVE_GETXATTR HAVE_GLOB HAVE_GRANTPT HAVE_GSSAPI HAVE_GSS_DISPLAY_STATUS HAVE_ICONV HAVE_IFACE_IFCONF HAVE_IMMEDIATE_STRUCTURES HAVE_INITGROUPS HAVE_INNETGR HAVE_KERNEL_CHANGE_NOTIFY HAVE_KERNEL_OPLOCKS_LINUX HAVE_KERNEL_SHARE_MODES HAVE_KRB5 HAVE_KRB5_AUTH_CON_SETUSERUSERKEY HAVE_KRB5_ENCRYPT_DATA HAVE_KRB5_FREE_KTYPES HAVE_KRB5_GET_PERMITTED_ENCTYPES HAVE_KRB5_LOCATE_KDC HAVE_KRB5_MK_REQ_EXTENDED HAVE_KRB5_PRINCIPAL2SALT HAVE_KRB5_PRINC_COMPONENT HAVE_KRB5_SET_DEFAULT_TGS_KTYPES HAVE_KRB5_SET_REAL_TIME HAVE_KRB5_STRING_TO_KEY HAVE_KRB5_TKT_ENC_PART2 HAVE_KRB5_USE_ENCTYPE HAVE_LDAP HAVE_LDAP_DOMAIN2HOSTLIST HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SET_REBIND_PROC HAVE_LGETXATTR HAVE_LIBCOM_ERR HAVE_LIBGSSAPI_KRB5 HAVE_LIBK5CRYPTO HAVE_LIBKRB5 HAVE_LIBLBER HAVE_LIBLDAP HAVE_LIBPAM HAVE_LIBREADLINE HAVE_LIBRESOLV HAVE_LINK HAVE_LISTXATTR HAVE_LLISTXATTR HAVE_LLSEEK HAVE_LONGLONG HAVE_LREMOVEXATTR HAVE_LSEEK64 HAVE_LSETXATTR HAVE_LSTAT64 HAVE_MEMMOVE HAVE_MEMSET HAVE_MKNOD HAVE_MKTIME HAVE_MMAP HAVE_NATIVE_ICONV HAVE_NL_LANGINFO HAVE_OPEN64 HAVE_PATHCONF HAVE_PIPE HAVE_POLL HAVE_POSIX_ACLS HAVE_PREAD HAVE_PREAD64 HAVE_PUTUTLINE HAVE_PUTUTXLINE HAVE_PWRITE HAVE_PWRITE64 HAVE_QUOTACTL_4A HAVE_RAND HAVE_RANDOM HAVE_READDIR64 HAVE_READLINK HAVE_REALPATH HAVE_REMOVEXATTR HAVE_RENAME HAVE_ROOT HAVE_SECURE_MKSTEMP HAVE_SELECT HAVE_SETBUFFER HAVE_SETENV HAVE_SETGROUPS HAVE_SETLINEBUF HAVE_SETLOCALE HAVE_SETMNTENT HAVE_SETNETGRENT HAVE_SETPGID HAVE_SETRESGID HAVE_SETRESUID HAVE_SETSID HAVE_SETXATTR HAVE_SHMGET HAVE_SIGACTION HAVE_SIGBLOCK HAVE_SIGPROCMASK HAVE_SIGSET HAVE_SIG_ATOMIC_T_TYPE HAVE_SNPRINTF HAVE_SNPRINTF_DECL HAVE_SOCKLEN_T_TYPE HAVE_SRAND HAVE_SRANDOM HAVE_STAT64 HAVE_STAT_ST_BLKSIZE HAVE_STAT_ST_BLOCKS HAVE_STRCASECMP HAVE_STRCHR HAVE_STRDUP HAVE_STRERROR HAVE_STRFTIME HAVE_STRNDUP HAVE_STRNLEN HAVE_STRPBRK HAVE_STRTOUL HAVE_STRUCT_DIRENT64 HAVE_STRUCT_FLOCK64 HAVE_STRUCT_IF_DQBLK HAVE_STRUCT_STAT_ST_RDEV HAVE_ST_RDEV HAVE_SYMLINK HAVE_SYSCALL HAVE_SYSCONF HAVE_SYSLOG HAVE_SYS_QUOTAS HAVE_TIMEGM HAVE_UNIXSOCKET HAVE_UPDWTMP HAVE_UPDWTMPX HAVE_USLEEP HAVE_UTIMBUF HAVE_UTIME HAVE_UTIMES HAVE_VASPRINTF HAVE_VASPRINTF_DECL HAVE_VA_COPY HAVE_VOLATILE HAVE_VSNPRINTF HAVE_VSNPRINTF_DECL HAVE_VSYSLOG HAVE_WAITPID HAVE_XFS_EXT_ACLS HAVE_YP_GET_DEFAULT_DOMAIN HAVE__ET_LIST HAVE___CLOSE HAVE___DUP2 HAVE___FCNTL HAVE___FORK HAVE___FSTAT HAVE___FXSTAT HAVE___LSEEK HAVE___LSTAT HAVE___LXSTAT HAVE___OPEN HAVE___OPEN64 HAVE___PREAD64 HAVE___PWRITE64 HAVE___READ HAVE___STAT HAVE___WRITE HAVE___XSTAT --with Options: WITH_ADS WITH_PAM WITH_QUOTAS WITH_UTMP WITH_WINBIND Build Options: COMPILER_SUPPORTS_LL DEFAULT_DISPLAY_CHARSET DEFAULT_DOS_CHARSET DEFAULT_UNIX_CHARSET LDAP_SET_REBIND_PROC_ARGS LINUX PACKAGE_BUGREPORT PACKAGE_NAME PACKAGE_STRING PACKAGE_TARNAME PACKAGE_VERSION REPLACE_GETPASS RETSIGTYPE SEEKDIR_RETURNS_VOID SIZEOF_INO_T SIZEOF_INT SIZEOF_LONG SIZEOF_OFF_T SIZEOF_SHORT STAT_STATVFS64 STAT_ST_BLOCKSIZE STDC_HEADERS STRING_STATIC_MODULES SYSCONF_SC_NGROUPS_MAX TIME_WITH_SYS_TIME USE_SETRESUID WITH_ADS WITH_PAM WITH_QUOTAS WITH_WINBIND _FILE_OFFSET_BITS _GNU_SOURCE _LARGEFILE64_SOURCE _POSIX_C_SOURCE _POSIX_SOURCE offset_t static_init_auth static_init_charset static_init_idmap static_init_pdb static_init_rpc static_init_vfs vfs_audit_init vfs_default_quota_init vfs_extd_audit_init vfs_fake_perms_init vfs_netatalk_init vfs_readonly_init vfs_recycle_init Type sizes: sizeof(char): 1 sizeof(int): 4 sizeof(long): 4 sizeof(uint8): 1 sizeof(uint16): 2 sizeof(uint32): 4 sizeof(short): 2 sizeof(void*): 4 Builtin modules: pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_guest rpc_lsa rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_samr idmap_ldap idmap_tdb auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/smb.conf" Processing section "[global]" doing parameter workgroup = NEWCITRIX doing parameter server string = Snap Server 4500 doing parameter timestamp logs = yes doing parameter dos filetimes = yes doing parameter dos filemode = yes doing parameter inherit acls = yes doing parameter name cache timeout = 0 doing parameter winbind uid = 20000-600000 doing parameter winbind gid = 20000-600000 doing parameter guest account = guest doing parameter map to guest = Never doing parameter unix charset = CP1252 doing parameter dos charset = CP850 doing parameter security = ADS doing parameter realm = NEWCITRIX.VALHALLA doing parameter password server = NEWCITRIX.VALHALLA doing parameter disable netbios = No doing parameter encrypt passwords = Yes doing parameter username level = 5 doing parameter debug level = 0 doing parameter include = /etc/smb.conf.perm params.c:pm_process() - Processing configuration file "/etc/smb.conf.perm" doing parameter panic action = /usr/bin/backtrace %d > /tmp/segv_samba_%d.out 2>&1 doing parameter root preexec = /usr/local/samba/bin/log_connect.sh '%u' '%m' '%I' '%S' doing parameter root postexec = /usr/local/samba/bin/log_disconnect.sh '%u' '%m' '%I' '%S' doing parameter wins server = eth0:10.33.0.100 eth0:10.33.32.24 doing parameter username level = 0 doing parameter realm = NEWCITRIX.VALHALLA doing parameter include = /etc/smb.conf.extra Can't find include file /etc/smb.conf.extra doing parameter include = /etc/smb_shares.conf params.c:pm_process() - Processing configuration file "/etc/smb_shares.conf" Processing section "[SHARE1]" doing parameter path = /shares/SHARE1 doing parameter read only = no doing parameter comment = doing parameter follow symlinks = no doing parameter printable = no doing parameter browseable = yes doing parameter map acl inherit = yes doing parameter create mask = 0777 doing parameter security mask = 0777 doing parameter directory mask = 0777 doing parameter directory security mask = 0777 doing parameter create mask_ext = 0777 doing parameter directory mask_ext = 0777 doing parameter guest ok = No doing parameter write list = @"AllUsers" pm_process() returned Yes lp_servicenumber: couldn't find homes adding IPC service adding IPC service set_server_role: role = ROLE_DOMAIN_MEMBER Substituting charset 'ANSI_X3.4-1968' for LOCALE Substituting charset 'ANSI_X3.4-1968' for LOCALE Substituting charset 'ANSI_X3.4-1968' for LOCALE Substituting charset 'ANSI_X3.4-1968' for LOCALE Substituting charset 'ANSI_X3.4-1968' for LOCALE Substituting charset 'ANSI_X3.4-1968' for LOCALE Substituting charset 'ANSI_X3.4-1968' for LOCALE Substituting charset 'ANSI_X3.4-1968' for LOCALE Substituting charset 'ANSI_X3.4-1968' for LOCALE Substituting charset 'ANSI_X3.4-1968' for LOCALE Failed to load /etc/valid.dat - No such file or directory creating default valid table lp_servicenumber: couldn't find printers lp_servicenumber: couldn't find printers lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Sep 3 02:05:17 2003 file /etc/smb.conf.extra -> /etc/smb.conf.extra last mod_time: Wed Dec 31 23:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Tue Sep 2 19:27:08 2003 file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Sep 2 19:27:07 2003 added interface ip=10.33.1.170 bcast=10.33.31.255 nmask=255.255.224.0 Hash size = 521. Netbios name list:- my_netbios_names[0]="MKAP-TYPHOON" loaded services fcntl_lock 6 13 0 1 1 fcntl_lock: Lock call successful Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED update_c_setprinter: c_setprinter = 0 claiming 0 bind succeeded on port 445 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 0 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 bind succeeded on port 139 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 0 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 waiting for a connection namecache_enable: disabling netbios name cache reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] sorted_tree_add: Enter sorted_tree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree sorted_tree_add: Exit Trying to load: smbpasswd Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend guest Successfully added passdb backend 'guest' Attempting to find an passdb backend to match smbpasswd (smbpasswd) Found pdb backend smbpasswd pdb backend smbpasswd has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Sep 3 02:05:17 2003 file /etc/smb.conf.extra -> /etc/smb.conf.extra last mod_time: Wed Dec 31 23:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Tue Sep 2 19:27:08 2003 file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Sep 2 19:27:07 2003 open_oplock_ipc: opening loopback UDP socket. bind succeeded on port 0 Linux kernel oplocks enabled open_oplock ipc: pid = 19651, global_oplock_port = 16391 Serverzone is 0 got smb length of 133 got message type 0x0 of len 0x85 Transaction 0 of length 137 size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. switch message SMBnegprot (pid 19651) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [LANMAN1.0] Requested protocol [Windows for Workgroups 3.1a] Requested protocol [LM1.2X002] Requested protocol [LANMAN2.1] Requested protocol [NT LM 0.12] lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Sep 3 02:05:17 2003 file /etc/smb.conf.extra -> /etc/smb.conf.extra last mod_time: Wed Dec 31 23:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Tue Sep 2 19:27:08 2003 file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Sep 2 19:27:07 2003 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Sep 3 02:05:17 2003 file /etc/smb.conf.extra -> /etc/smb.conf.extra last mod_time: Wed Dec 31 23:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Tue Sep 2 19:27:08 2003 file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Sep 2 19:27:07 2003 using SPNEGO Selected protocol NT LM 0.12 negprot index=5 size=177 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=49920 (0xC300) smb_vwv[ 8]= 76 (0x4C) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 227 (0xE3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=20764 (0x511C) smb_vwv[13]=49217 (0xC041) smb_vwv[14]=50033 (0xC371) smb_vwv[15]= 1 (0x1) smb_vwv[16]=27648 (0x6C00) smb_bcc=108 [000] 6D 6B 61 70 2D 74 79 70 68 6F 6F 6E 00 00 00 00 mkap-typ hoon.... [010] 60 5A 06 06 2B 06 01 05 05 02 A0 50 30 4E A0 24 `Z..+... ...P0N.$ [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [040] 37 02 02 0A A3 26 30 24 A0 22 1B 20 6D 6B 61 70 7....&0$ .". mkap [050] 2D 74 79 70 68 6F 6F 6E 24 40 4E 45 57 43 49 54 -typhoon $@NEWCIT [060] 52 49 58 2E 56 41 4C 48 41 4C 4C 41 RIX.VALH ALLA write_socket(16,181) write_socket(16,181) wrote 181 got smb length of 198 got message type 0x0 of len 0xc6 Transaction 1 of length 202 size=198 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=12800 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 198 (0xC6) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 66 (0x42) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=139 [000] 60 40 06 06 2B 06 01 05 05 02 A0 36 30 34 A0 0E `@..+... ...604.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 22 0...+... ..7...." [020] 04 20 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 . NTLMSS P....... [030] 00 E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [050] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 [060] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o [070] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [080] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... switch message SMBsesssetupX (pid 19651) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 32 Making default auth method list for security=ADS Attempting to register auth backend rhosts Successfully added auth method 'rhosts' Attempting to register auth backend hostsequiv Successfully added auth method 'hostsequiv' Attempting to register auth backend sam Successfully added auth method 'sam' Attempting to register auth backend sam_ignoredomain Successfully added auth method 'sam_ignoredomain' Attempting to register auth backend unix Successfully added auth method 'unix' Attempting to register auth backend winbind Successfully added auth method 'winbind' Attempting to register auth backend smbserver Successfully added auth method 'smbserver' Attempting to register auth backend trustdomain Successfully added auth method 'trustdomain' Attempting to register auth backend ntdomain Successfully added auth method 'ntdomain' Attempting to register auth backend guest Successfully added auth method 'guest' load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match winbind:ntdomain load_auth_module: Attempting to find an auth method to match ntdomain load_auth_module: auth method ntdomain has a valid init load_auth_module: auth method winbind has a valid init Got NTLMSSP neg_flags=0xe0008297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: module winbind did not want to specify a challenge auth_context challenge created by random challenge is: [000] 30 1A C9 E8 AB F1 3E 45 0.....>E write_socket(16,334) write_socket(16,334) wrote 334 got smb length of 316 got message type 0x0 of len 0x13c Transaction 2 of length 320 size=316 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=12864 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 316 (0x13C) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 184 (0xB8) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=257 [000] A1 81 B5 30 81 B2 A2 81 AF 04 81 AC 4E 54 4C 4D ...0.... ....NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 7C 00 00 00 SSP..... ....|... [020] 18 00 18 00 94 00 00 00 18 00 18 00 40 00 00 00 ........ ....@... [030] 0A 00 0A 00 58 00 00 00 1A 00 1A 00 62 00 00 00 ....X... ....b... [040] 00 00 00 00 AC 00 00 00 15 02 80 20 6D 00 6B 00 ........ ... m.k. [050] 61 00 70 00 2D 00 74 00 79 00 70 00 68 00 6F 00 a.p.-.t. y.p.h.o. [060] 6F 00 6E 00 61 00 64 00 6D 00 69 00 6E 00 4D 00 o.n.a.d. m.i.n.M. [070] 4B 00 41 00 50 00 4C 00 41 00 4E 00 2D 00 57 00 K.A.P.L. A.N.-.W. [080] 49 00 4E 00 32 00 4B 00 12 7D 33 E4 0B A6 D1 2E I.N.2.K. .}3..... [090] 66 78 9D 60 36 90 2B 1A 6D 80 72 B3 5B CA 8B D3 fx.`6.+. m.r.[... [0A0] 22 39 7E A7 A7 F4 6D 89 7B 15 A3 81 B6 42 1F E8 "9~...m. {....B.. [0B0] E4 67 9C 73 39 52 E6 9E 00 57 00 69 00 6E 00 64 .g.s9R.. .W.i.n.d [0C0] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [0D0] 00 20 00 32 00 31 00 39 00 35 00 00 00 57 00 69 . .2.1.9 .5...W.i [0E0] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [0F0] 00 30 00 30 00 20 00 35 00 2E 00 30 00 00 00 00 .0.0. .5 ...0.... [100] 00 . switch message SMBsesssetupX (pid 19651) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] Got user=[admin] domain=[mkap-typhoon] workstation=[MKAPLAN-WIN2K] len1=24 len2=24 lp_file_list_changed() file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Sep 3 02:05:17 2003 file /etc/smb.conf.extra -> /etc/smb.conf.extra last mod_time: Wed Dec 31 23:00:00 1969 file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Tue Sep 2 19:27:08 2003 file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Sep 2 19:27:07 2003 make_user_info_map: Mapping user [mkap-typhoon]\[admin] from workstation [MKAPLAN-WIN2K] Opening cache file at /var/lock/samba/gencache.tdb Cache entry with key = TDOM/MKAP-TYPHOON couldn't be found no entry for trusted domain mkap-typhoon found. attempting to make a user_info for admin (admin) making strings for admin's user_info struct making blobs for admin's user_info struct made an encrypted user_info for admin (admin) check_ntlm_password: Checking password for unmapped user [mkap-typhoon]\[admin]@[MKAPLAN-WIN2K] with the new password interface check_ntlm_password: mapped user is: [mkap-typhoon]\[admin]@[MKAPLAN-WIN2K] check_ntlm_password: auth_context challenge created by random challenge is: [000] 30 1A C9 E8 AB F1 3E 45 0.....>E check_ntlm_password: guest had nothing to say is_myname("mkap-typhoon") returns 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups getsampwnam (smbpasswd): search by name: admin startsmbfilepwent_internal: opening file /etc/private/smbpasswd getsmbfilepwent: returning passwd entry for user guest, uid 4 getsmbfilepwent: returning passwd entry for user admin, uid 1 endsmbfilepwent_internal: closed password file. getsampwnam (smbpasswd): found by name: admin pdb_set_username: setting username admin, was element 11 -> now SET pdb_set_full_name: setting full name admin, was element 12 -> now SET pdb_set_unix_homedir: setting home dir /local_user_, was NULL element 21 -> now SET pdb_set_domain: setting domain MKAP-TYPHOON, was pdb_set_user_sid: setting user sid S-1-5-21-1250349775-4091538868-537732204-1002 element 17 -> now SET pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1250349775-4091538868-537732204-1002 from rid 1002 pdb_set_group_sid: setting group sid S-1-5-21-1250349775-4091538868-537732204-1201 element 18 -> now SET Home server: mkap-typhoon pdb_set_profile_path: setting profile path \\mkap-typhoon\admin\profile, was Home server: mkap-typhoon pdb_set_homedir: setting home dir \\mkap-typhoon\admin, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was element 31 -> now SET element 30 -> now SET element 19 -> now SET element 20 -> now SET element 8 -> now SET pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 sam_password_ok: Checking NT MD4 password sam_account_ok: Checking SMB password for user admin sys_getgrouplist: user [admin] sys_getgrouplist(): disabled winbindd for group lookup [user == admin] push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 UNIX token of user 1 Primary group is 100 and contains 3 supplementary groups Group[ 0]: 100 Group[ 1]: 100 Group[ 2]: 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 local_gid_to_sid: gid (100) -> SID S-1-5-21-1250349775-4091538868-537732204-1201. gid_to_sid: local 100 -> S-1-5-21-1250349775-4091538868-537732204-1201 fetch sid from gid cache 100 -> S-1-5-21-1250349775-4091538868-537732204-1201 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 local_gid_to_sid: gid (0) -> SID S-1-5-21-1250349775-4091538868-537732204-1001. gid_to_sid: local 0 -> S-1-5-21-1250349775-4091538868-537732204-1001 NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 contains 6 SIDs SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 make_server_info_sam: made server info for user admin -> admin check_ntlm_password: sam authentication for user [admin] succeeded push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: PAM Account for user [admin] succeeded check_ntlm_password: authentication for user [admin] -> [admin] -> [admin] succeeded attempting to free (and zero) a user_info structure structure was created for admin register_vuid: allocated vuid = 100 register_vuid: (1,100) admin admin MKAP-TYPHOON guest=0 User name: admin Real name: admin UNIX uid 1 is UNIX user admin, and will be vuid 100 Adding/updating homes service for user 'admin' using home directory: '/local_user_' lp_servicenumber: couldn't find homes write_socket(16,184) write_socket(16,184) wrote 184 got smb length of 92 got message type 0x0 of len 0x5c Transaction 3 of length 96 size=92 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=12928 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=49 [000] 00 5C 00 5C 00 31 00 30 00 2E 00 33 00 33 00 2E .\.\.1.0 ...3.3.. [010] 00 31 00 2E 00 31 00 37 00 30 00 5C 00 53 00 48 .1...1.7 .0.\.S.H [020] 00 41 00 52 00 45 00 31 00 00 00 3F 3F 3F 3F 3F .A.R.E.1 ...????? [030] 00 . switch message SMBtconX (pid 19651) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [SHARE1] making a connection to 'normal' service share1 Finding user admin Trying _Get_Pwnam(), username as lowercase is admin Get_Pwnam_internals did find user [admin]! user_in_list: checking user admin in list user_in_list: checking user |admin| against |@AllUsers| Unable to get default yp domain Connect path is '/shares/SHARE1' for service [SHARE1] get_share_security: using default secdesc for SHARE1 se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. Initialising default vfs hooks claiming SHARE1 0 cmd=/usr/local/samba/bin/log_connect.sh 'admin' 'mkaplan-win2k' '10.33.1.136' 'SHARE1' get_share_security: using default secdesc for SHARE1 se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 contains 6 SIDs SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 UNIX token of user 1 Primary group is 100 and contains 3 supplementary groups Group[ 0]: 100 Group[ 1]: 100 Group[ 2]: 0 change_to_user uid=(0,1) gid=(0,100) mkaplan-win2k (10.33.1.136) connect to service SHARE1 initially as user admin (uid=1, gid=100) (pid 19651) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=SHARE1 size=54 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=12928 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=13 [000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... write_socket(16,58) write_socket(16,58) wrote 58 got smb length of 70 got message type 0x0 of len 0x46 Transaction 4 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3036 smb_uid=100 smb_mid=12992 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 08 0A 00 02 01 ..... switch message SMBtrans2 (pid 19651) setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 contains 6 SIDs SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 UNIX token of user 1 Primary group is 100 and contains 3 supplementary groups Group[ 0]: 100 Group[ 1]: 100 Group[ 2]: 0 change_to_user uid=(0,1) gid=(0,100) vfs_ChDir to /shares/SHARE1 call_trans2qfsinfo: level = 258 call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = 6, vol=SHARE1 serv=SHARE1 t2_rep: params_sent_thistime = 0, data_sent_thistime = 30, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 30, paramsize = 0, datasize = 30 write_socket(16,90) write_socket(16,90) wrote 90 SMBtrans2 info_level = 258 got smb length of 100 got message type 0x0 of len 0x64 Transaction 5 of length 104 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=13057 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [000] 50 00 2D EC 03 00 00 00 00 5C 00 44 00 65 00 73 P.-..... .\.D.e.s [010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [020] 00 00 00 ... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) error string = No such file or directory error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=13057 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 110 got message type 0x0 of len 0x6e Transaction 6 of length 114 size=110 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13121 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6144 (0x1800) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=27 [000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p [010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini unix_mode(Desktop.ini) returning 0766 allocated file structure 5667, fnum = 9763 (1 used) open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) freed files structure 9763 (0 used) error string = No such file or directory error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13121 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 7 of length 104 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=13185 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [000] 50 00 2D EC 03 00 00 00 00 5C 00 44 00 65 00 73 P.-..... .\.D.e.s [010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [020] 00 00 00 ... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) error string = No such file or directory error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=13185 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 110 got message type 0x0 of len 0x6e Transaction 8 of length 114 size=110 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13249 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6144 (0x1800) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=27 [000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p [010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini unix_mode(Desktop.ini) returning 0766 allocated file structure 5668, fnum = 9764 (1 used) open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) freed files structure 9764 (0 used) error string = No such file or directory error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13249 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 76 got message type 0x0 of len 0x4c Transaction 9 of length 80 size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13313 smt_wct=15 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 8 (0x8) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=11 [000] 08 0A 00 EC 03 00 00 00 00 00 00 ........ ... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "" unix_clean_name [] conversion finished . -> . is_in_path: . is_in_path: no name list. unix_clean_name [.] call_trans2qfilepathinfo . level=1004 call=5 total_data=0 dos_mode: . is_in_path: . is_in_path: no name list. dos_mode returning d SMB_QFBI - create: Wed Sep 3 02:05:05 2003 access: Wed Sep 3 02:08:48 2003 write: Wed Sep 3 02:05:05 2003 change: Wed Sep 3 02:05:05 2003 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 write_socket(16,104) write_socket(16,104) wrote 104 got smb length of 70 got message type 0x0 of len 0x46 Transaction 10 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13377 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 08 0A 00 EF 03 ..... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[2] id[1] ret[-1]. sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[4] id[100] ret[-1]. call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=725450752, cUnitAvail=725434368 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 write_socket(16,92) write_socket(16,92) wrote 92 SMBtrans2 info_level = 1007 got smb length of 100 got message type 0x0 of len 0x64 Transaction 11 of length 104 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13441 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [000] 00 6C 00 EC 03 00 00 00 00 5C 00 64 00 65 00 73 .l...... .\.d.e.s [010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [020] 00 00 00 ... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\desktop.ini" unix_clean_name [/desktop.ini] unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file desktop.ini is_in_path: desktop.ini is_in_path: no name list. unix_clean_name [desktop.ini] call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) error string = No such file or directory error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13441 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 86 got message type 0x0 of len 0x56 Transaction 12 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13505 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 6C 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .l...V.. .......\ [010] 00 2A 00 00 00 .*... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\*" unix_clean_name [/*] unix_convert begin: name = *, dirpath = , start = * New file * is_in_path: * is_in_path: no name list. unix_clean_name [*] dir=./, mask = * start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = *, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 ms_fnmatch(*,.) -> 0 dos_mode: ./. is_in_path: ./. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./. fname=. get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 ms_fnmatch(*,.) -> 0 dos_mode: ./.. is_in_path: ./.. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./.. fname=.. get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 3 ms_fnmatch(*,.os_private) -> 0 dos_mode: ./.os_private dos_mode returning hd get_lanman2_dir_entry found ./.os_private fname=.os_private get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 4 ms_fnmatch(*,s) -> 0 dos_mode: ./s is_in_path: ./s is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./s fname=s get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 5 ms_fnmatch(*,1) -> 0 dos_mode: ./1 is_in_path: ./1 is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./1 fname=1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 ms_fnmatch(*,b) -> 0 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 600, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 600, paramsize = 10, datasize = 600 write_socket(16,672) write_socket(16,672) wrote 672 SMBtrans2 mask=* directory=./ dirtype=22 numentries=6 got smb length of 88 got message type 0x0 of len 0x58 Transaction 13 of length 92 size=88 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13569 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 512 (0x200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=5 [000] 00 5C 00 00 00 .\... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x100001, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "\" unix_clean_name [/] conversion finished . -> . unix_mode(.) returning 0766 allocated file structure 5669, fnum = 9765 (1 used) open_directory: opening directory . dos_mode: . is_in_path: . is_in_path: no name list. dos_mode returning d reply_ntcreate_and_X: fnum = 9765, open name = . size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13569 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 9472 (0x2500) smb_vwv[ 3]= 294 (0x126) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=46110 (0xB41E) smb_vwv[ 7]=49098 (0xBFCA) smb_vwv[ 8]=50033 (0xC371) smb_vwv[ 9]= 1 (0x1) smb_vwv[10]=40760 (0x9F38) smb_vwv[11]=49231 (0xC04F) smb_vwv[12]=50033 (0xC371) smb_vwv[13]=32769 (0x8001) smb_vwv[14]=46110 (0xB41E) smb_vwv[15]=49098 (0xBFCA) smb_vwv[16]=50033 (0xC371) smb_vwv[17]=32769 (0x8001) smb_vwv[18]=46110 (0xB41E) smb_vwv[19]=49098 (0xBFCA) smb_vwv[20]=50033 (0xC371) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 256 (0x100) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 84 got message type 0x0 of len 0x54 Transaction 14 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13633 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 23 (0x17) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 9765 (0x2625) smb_vwv[22]= 0 (0x0) smb_bcc=3 [000] 00 00 10 ... switch message SMBnttrans (pid 19651) change_to_user: Skipping user change - already user reply_nttrans: setup_count = 8 [000] 17 00 00 00 25 26 00 00 ....%&.. call_nt_transact_notify_change kernel change notify on . (ntflags=0x17 flags=0x3e) fd=27 call_nt_transact_notify_change: notify change called on directory name = . got smb length of 84 got message type 0x0 of len 0x54 Transaction 15 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13696 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 3 (0x3) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 9765 (0x2625) smb_vwv[22]= 1 (0x1) smb_bcc=3 [000] 00 00 10 ... switch message SMBnttrans (pid 19651) change_to_user: Skipping user change - already user reply_nttrans: setup_count = 8 [000] 03 00 00 00 25 26 01 00 ....%&.. call_nt_transact_notify_change kernel change notify on . (ntflags=0x3 flags=0x1e) fd=28 call_nt_transact_notify_change: notify change called on directory name = . got smb length of 100 got message type 0x0 of len 0x64 Transaction 16 of length 104 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=13762 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [000] 02 00 00 EC 03 00 00 00 00 5C 00 44 00 65 00 73 ........ .\.D.e.s [010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [020] 00 00 00 ... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) error string = No such file or directory error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=13762 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 110 got message type 0x0 of len 0x6e Transaction 17 of length 114 size=110 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13826 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6144 (0x1800) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=27 [000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p [010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini unix_mode(Desktop.ini) returning 0766 allocated file structure 5670, fnum = 9766 (2 used) open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) freed files structure 9766 (1 used) error string = No such file or directory error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13826 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 18 of length 104 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=13890 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [000] 02 00 00 EC 03 00 00 00 00 5C 00 44 00 65 00 73 ........ .\.D.e.s [010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [020] 00 00 00 ... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) error string = No such file or directory error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=13890 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 110 got message type 0x0 of len 0x6e Transaction 19 of length 114 size=110 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13954 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6144 (0x1800) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=27 [000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p [010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini unix_mode(Desktop.ini) returning 0766 allocated file structure 5671, fnum = 9767 (2 used) open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) freed files structure 9767 (1 used) error string = No such file or directory error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=13954 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 70 got message type 0x0 of len 0x46 Transaction 20 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14018 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 63 00 EF 03 .c... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[2] id[1] ret[-1]. sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[4] id[100] ret[-1]. call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=725450752, cUnitAvail=725434368 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 write_socket(16,92) write_socket(16,92) wrote 92 SMBtrans2 info_level = 1007 got smb length of 100 got message type 0x0 of len 0x64 Transaction 21 of length 104 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=14082 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [000] 00 6C 00 EC 03 00 00 00 00 5C 00 44 00 65 00 73 .l...... .\.D.e.s [010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [020] 00 00 00 ... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) error string = No such file or directory error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=14082 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 110 got message type 0x0 of len 0x6e Transaction 22 of length 114 size=110 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14146 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6144 (0x1800) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=27 [000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p [010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini unix_mode(Desktop.ini) returning 0766 allocated file structure 5672, fnum = 9768 (2 used) open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) freed files structure 9768 (1 used) error string = No such file or directory error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14146 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 23 of length 104 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=14210 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [000] 00 6C 00 EC 03 00 00 00 00 5C 00 44 00 65 00 73 .l...... .\.D.e.s [010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [020] 00 00 00 ... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) error string = No such file or directory error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=14210 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 110 got message type 0x0 of len 0x6e Transaction 24 of length 114 size=110 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14274 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6144 (0x1800) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=27 [000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p [010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "\Desktop.ini" unix_clean_name [/Desktop.ini] unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file Desktop.ini unix_mode(Desktop.ini) returning 0766 allocated file structure 5673, fnum = 9769 (2 used) open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 is_in_path: Desktop.ini is_in_path: no name list. unix_clean_name [Desktop.ini] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) freed files structure 9769 (1 used) error string = No such file or directory error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14274 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 70 got message type 0x0 of len 0x46 Transaction 25 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14338 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 6C 00 EF 03 .l... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[2] id[1] ret[-1]. sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[4] id[100] ret[-1]. call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=725450752, cUnitAvail=725434368 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 write_socket(16,92) write_socket(16,92) wrote 92 SMBtrans2 info_level = 1007 got smb length of 70 got message type 0x0 of len 0x46 Transaction 26 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3036 smb_uid=100 smb_mid=14402 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 6C 00 05 01 .l... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 write_socket(16,80) write_socket(16,80) wrote 80 SMBtrans2 info_level = 261 got smb length of 70 got message type 0x0 of len 0x46 Transaction 27 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3036 smb_uid=100 smb_mid=14466 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 6C 00 02 01 .l... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 258 call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = 6, vol=SHARE1 serv=SHARE1 t2_rep: params_sent_thistime = 0, data_sent_thistime = 30, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 30, paramsize = 0, datasize = 30 write_socket(16,90) write_socket(16,90) wrote 90 SMBtrans2 info_level = 258 got smb length of 86 got message type 0x0 of len 0x56 Transaction 28 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3036 smb_uid=100 smb_mid=14530 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] FF FF 7F 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [010] 00 2A 00 00 00 .*... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\*" unix_clean_name [/*] unix_convert begin: name = *, dirpath = , start = * New file * is_in_path: * is_in_path: no name list. unix_clean_name [*] dir=./, mask = * start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = *, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 ms_fnmatch(*,.) -> 0 dos_mode: ./. is_in_path: ./. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./. fname=. get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 ms_fnmatch(*,.) -> 0 dos_mode: ./.. is_in_path: ./.. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./.. fname=.. get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 3 ms_fnmatch(*,.os_private) -> 0 dos_mode: ./.os_private dos_mode returning hd get_lanman2_dir_entry found ./.os_private fname=.os_private get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 4 ms_fnmatch(*,s) -> 0 dos_mode: ./s is_in_path: ./s is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./s fname=s get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 5 ms_fnmatch(*,1) -> 0 dos_mode: ./1 is_in_path: ./1 is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./1 fname=1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 ms_fnmatch(*,b) -> 0 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 600, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 600, paramsize = 10, datasize = 600 write_socket(16,672) write_socket(16,672) wrote 672 SMBtrans2 mask=* directory=./ dirtype=22 numentries=6 got smb length of 70 got message type 0x0 of len 0x46 Transaction 29 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3036 smb_uid=100 smb_mid=14594 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 6C 00 EF 03 .l... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[2] id[1] ret[-1]. sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[4] id[100] ret[-1]. call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=725450752, cUnitAvail=725434368 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 write_socket(16,92) write_socket(16,92) wrote 92 SMBtrans2 info_level = 1007 got smb length of 86 got message type 0x0 of len 0x56 Transaction 30 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14658 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 6C 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .l...V.. .......\ [010] 00 2A 00 00 00 .*... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\*" unix_clean_name [/*] unix_convert begin: name = *, dirpath = , start = * New file * is_in_path: * is_in_path: no name list. unix_clean_name [*] dir=./, mask = * start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = *, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 ms_fnmatch(*,.) -> 0 dos_mode: ./. is_in_path: ./. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./. fname=. get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 ms_fnmatch(*,.) -> 0 dos_mode: ./.. is_in_path: ./.. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./.. fname=.. get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 ms_fnmatch(*,.os_private) -> 0 dos_mode: ./.os_private dos_mode returning hd get_lanman2_dir_entry found ./.os_private fname=.os_private get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 ms_fnmatch(*,s) -> 0 dos_mode: ./s is_in_path: ./s is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./s fname=s get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 ms_fnmatch(*,1) -> 0 dos_mode: ./1 is_in_path: ./1 is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./1 fname=1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 ms_fnmatch(*,b) -> 0 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 600, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 600, paramsize = 10, datasize = 600 write_socket(16,672) write_socket(16,672) wrote 672 SMBtrans2 mask=* directory=./ dirtype=22 numentries=6 got smb length of 86 got message type 0x0 of len 0x56 Transaction 31 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14722 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] stat_cache_add: Added entry B -> b conversion finished b -> b is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 80 got message type 0x0 of len 0x50 Transaction 32 of length 84 size=80 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14786 smt_wct=15 smb_vwv[ 0]= 12 (0xC) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 12 (0xC) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=15 [000] 00 6C 00 EC 03 00 00 00 00 5C 00 62 00 00 00 .l...... .\.b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] call_trans2qfilepathinfo b level=1004 call=5 total_data=0 dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d SMB_QFBI - create: Wed Sep 3 02:05:05 2003 access: Wed Sep 3 02:06:03 2003 write: Wed Sep 3 02:05:05 2003 change: Wed Sep 3 02:05:05 2003 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 write_socket(16,104) write_socket(16,104) wrote 104 got smb length of 90 got message type 0x0 of len 0x5a Transaction 33 of length 94 size=90 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14850 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=7 [000] 00 5C 00 62 00 00 00 .\.b... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x80 to open_mode 0x8040 unix_convert called on file "\b" unix_clean_name [/b] unix_mode(b) returning 0766 allocated file structure 5674, fnum = 9770 (2 used) open_file_shared: fname = b, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 is_in_path: b is_in_path: no name list. unix_clean_name [b] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name b, flags = 0400000 mode = 0766, fd = 29. freed files structure 9770 (1 used) allocated file structure 5675, fnum = 9771 (2 used) open_directory: opening directory b dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d reply_ntcreate_and_X: fnum = 9771, open name = b size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14850 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=11008 (0x2B00) smb_vwv[ 3]= 294 (0x126) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=46110 (0xB41E) smb_vwv[ 7]=49098 (0xBFCA) smb_vwv[ 8]=50033 (0xC371) smb_vwv[ 9]=32769 (0x8001) smb_vwv[10]=17975 (0x4637) smb_vwv[11]=49133 (0xBFED) smb_vwv[12]=50033 (0xC371) smb_vwv[13]=32769 (0x8001) smb_vwv[14]=46110 (0xB41E) smb_vwv[15]=49098 (0xBFCA) smb_vwv[16]=50033 (0xC371) smb_vwv[17]=32769 (0x8001) smb_vwv[18]=46110 (0xB41E) smb_vwv[19]=49098 (0xBFCA) smb_vwv[20]=50033 (0xC371) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 256 (0x100) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 72 got message type 0x0 of len 0x48 Transaction 34 of length 76 size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14914 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 2046 (0x7FE) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [000] 00 6C 00 2B 26 FE 03 .l.+&.. switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 unix_convert called on file "b" unix_clean_name [b] is_in_path: b is_in_path: no name list. unix_clean_name [b] call_trans2qfilepathinfo b level=1022 call=7 total_data=0 dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d t2_rep: params_sent_thistime = 2, data_sent_thistime = 0, useable_space = 131012 t2_rep: params_to_send = 2, data_to_send = 0, paramsize = 2, datasize = 0 write_socket(16,62) write_socket(16,62) wrote 62 got smb length of 72 got message type 0x0 of len 0x48 Transaction 35 of length 76 size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=14978 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [000] 00 6C 00 2B 26 EC 03 .l.+&.. switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 unix_convert called on file "b" unix_clean_name [b] is_in_path: b is_in_path: no name list. unix_clean_name [b] call_trans2qfilepathinfo b level=1004 call=7 total_data=0 dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d SMB_QFBI - create: Wed Sep 3 02:05:05 2003 access: Wed Sep 3 02:06:03 2003 write: Wed Sep 3 02:05:05 2003 change: Wed Sep 3 02:05:05 2003 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 write_socket(16,104) write_socket(16,104) wrote 104 got smb length of 41 got message type 0x0 of len 0x29 Transaction 36 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=15042 smt_wct=3 smb_vwv[ 0]= 9771 (0x262B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 19651) change_to_user: Skipping user change - already user close directory fnum=9771 freed files structure 9771 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=15042 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 86 got message type 0x0 of len 0x56 Transaction 37 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15106 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 86 got message type 0x0 of len 0x56 Transaction 38 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15170 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 39 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .9...V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 70 got message type 0x0 of len 0x46 Transaction 39 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15234 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 6C 00 05 01 .l... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 write_socket(16,80) write_socket(16,80) wrote 80 SMBtrans2 info_level = 261 got smb length of 86 got message type 0x0 of len 0x56 Transaction 40 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15298 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 86 got message type 0x0 of len 0x56 Transaction 41 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15362 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 86 got message type 0x0 of len 0x56 Transaction 42 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15426 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 6C 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .l...V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 90 got message type 0x0 of len 0x5a Transaction 43 of length 94 size=90 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15490 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=7 [000] 00 5C 00 62 00 00 00 .\.b... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: Mapped desired access 0x20089, share access 0x3, file attributes 0x80 to open_mode 0x40 unix_convert called on file "\b" unix_clean_name [/b] unix_mode(b) returning 0766 allocated file structure 5676, fnum = 9772 (2 used) open_file_shared: fname = b, share_mode = 40, ofun = 1, mode = 766, oplock request = 3 is_in_path: b is_in_path: no name list. unix_clean_name [b] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name b, flags = 0400000 mode = 0766, fd = 29. freed files structure 9772 (1 used) allocated file structure 5677, fnum = 9773 (2 used) open_directory: opening directory b dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d reply_ntcreate_and_X: fnum = 9773, open name = b size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15490 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=11520 (0x2D00) smb_vwv[ 3]= 294 (0x126) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=46110 (0xB41E) smb_vwv[ 7]=49098 (0xBFCA) smb_vwv[ 8]=50033 (0xC371) smb_vwv[ 9]=32769 (0x8001) smb_vwv[10]=17975 (0x4637) smb_vwv[11]=49133 (0xBFED) smb_vwv[12]=50033 (0xC371) smb_vwv[13]=32769 (0x8001) smb_vwv[14]=46110 (0xB41E) smb_vwv[15]=49098 (0xBFCA) smb_vwv[16]=50033 (0xC371) smb_vwv[17]=32769 (0x8001) smb_vwv[18]=46110 (0xB41E) smb_vwv[19]=49098 (0xBFCA) smb_vwv[20]=50033 (0xC371) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 256 (0x100) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 84 got message type 0x0 of len 0x54 Transaction 44 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15554 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 64 (0x40) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 168 (0xA8) smb_vwv[20]= 9 (0x9) smb_vwv[21]= 9773 (0x262D) smb_vwv[22]= 1 (0x1) smb_bcc=3 [000] 00 72 00 .r. switch message SMBnttrans (pid 19651) change_to_user: Skipping user change - already user reply_nttrans: setup_count = 8 [000] A8 00 09 00 2D 26 01 00 ....-&.. call_nt_transact_ioctl: function[0x000900A8] FID[0x262D] isFSctl[0x01] compfilter[0x00] FSCTL_GET_REPARSE_POINT: called on FID[0x262D](but not implemented) error packet at smbd/nttrans.c(104) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 41 got message type 0x0 of len 0x29 Transaction 45 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=15618 smt_wct=3 smb_vwv[ 0]= 9773 (0x262D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 19651) change_to_user: Skipping user change - already user close directory fnum=9773 freed files structure 9773 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=15618 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 86 got message type 0x0 of len 0x56 Transaction 46 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15682 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 6C 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .l...V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 70 got message type 0x0 of len 0x46 Transaction 47 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15746 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 00 00 05 01 ..... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 write_socket(16,80) write_socket(16,80) wrote 80 SMBtrans2 info_level = 261 got smb length of 88 got message type 0x0 of len 0x58 Transaction 48 of length 92 size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15810 smt_wct=15 smb_vwv[ 0]= 20 (0x14) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 20 (0x14) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=23 [000] 00 6C 00 EC 03 00 00 00 00 5C 00 62 00 2E 00 64 .l...... .\.b...d [010] 00 6C 00 6C 00 00 00 .l.l... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\b.dll" unix_clean_name [/b.dll] unix_convert begin: name = b.dll, dirpath = , start = b.dll is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. New file b.dll is_in_path: b.dll is_in_path: no name list. unix_clean_name [b.dll] call_trans2qfilepathinfo: SMB_VFS_STAT of b.dll failed (No such file or directory) error string = No such file or directory error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15810 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 90 got message type 0x0 of len 0x5a Transaction 49 of length 94 size=90 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15874 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=7 [000] 00 5C 00 62 00 00 00 .\.b... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x20089, share access 0x5, file attributes 0x0 to open_mode 0x8020 unix_convert called on file "\b" unix_clean_name [/b] unix_mode(b) returning 0766 allocated file structure 5678, fnum = 9774 (2 used) open_file_shared: fname = b, share_mode = 8020, ofun = 1, mode = 766, oplock request = 3 is_in_path: b is_in_path: no name list. unix_clean_name [b] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name b, flags = 0400000 mode = 0766, fd = 29. freed files structure 9774 (1 used) error string = Is a directory error packet at smbd/nttrans.c(833) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY size=35 smb_com=0xa2 smb_rcls=186 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=15874 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) got smb length of 80 got message type 0x0 of len 0x50 Transaction 50 of length 84 size=80 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=15938 smt_wct=15 smb_vwv[ 0]= 12 (0xC) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 12 (0xC) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=15 [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 00 00 ........ .\.b... switch message SMBtrans2 (pid 19651) setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 contains 6 SIDs SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 UNIX token of user 1 Primary group is 100 and contains 3 supplementary groups Group[ 0]: 100 Group[ 1]: 100 Group[ 2]: 0 change_to_user uid=(0,1) gid=(0,100) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] call_trans2qfilepathinfo b level=1004 call=5 total_data=0 dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d SMB_QFBI - create: Wed Sep 3 02:05:05 2003 access: Wed Sep 3 02:06:03 2003 write: Wed Sep 3 02:05:05 2003 change: Wed Sep 3 02:05:05 2003 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 write_socket(16,104) write_socket(16,104) wrote 104 got smb length of 90 got message type 0x0 of len 0x5a Transaction 51 of length 94 size=90 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16002 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=7 [000] 00 5C 00 62 00 00 00 .\.b... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: Mapped desired access 0x20089, share access 0x1, file attributes 0x80 to open_mode 0x20 unix_convert called on file "\b" unix_clean_name [/b] unix_mode(b) returning 0766 allocated file structure 5679, fnum = 9775 (2 used) open_file_shared: fname = b, share_mode = 20, ofun = 1, mode = 766, oplock request = 3 is_in_path: b is_in_path: no name list. unix_clean_name [b] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name b, flags = 0400000 mode = 0766, fd = 29. freed files structure 9775 (1 used) error string = Is a directory error packet at smbd/nttrans.c(833) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY size=35 smb_com=0xa2 smb_rcls=186 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16002 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 80 got message type 0x0 of len 0x50 Transaction 52 of length 84 size=80 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8 smb_uid=100 smb_mid=16066 smt_wct=15 smb_vwv[ 0]= 12 (0xC) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 12 (0xC) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=15 [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 00 00 ........ .\.b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] call_trans2qfilepathinfo b level=1004 call=5 total_data=0 dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d SMB_QFBI - create: Wed Sep 3 02:05:05 2003 access: Wed Sep 3 02:06:03 2003 write: Wed Sep 3 02:05:05 2003 change: Wed Sep 3 02:05:05 2003 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 write_socket(16,104) write_socket(16,104) wrote 104 got smb length of 90 got message type 0x0 of len 0x5a Transaction 53 of length 94 size=90 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16130 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=7 [000] 00 5C 00 62 00 00 00 .\.b... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x80, share_access = 0x0, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: Mapped desired access 0x20089, share access 0x0, file attributes 0x80 to open_mode 0x10 unix_convert called on file "\b" unix_clean_name [/b] unix_mode(b) returning 0766 allocated file structure 5680, fnum = 9776 (2 used) open_file_shared: fname = b, share_mode = 10, ofun = 1, mode = 766, oplock request = 3 is_in_path: b is_in_path: no name list. unix_clean_name [b] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name b, flags = 0400000 mode = 0766, fd = 29. freed files structure 9776 (1 used) error string = Is a directory error packet at smbd/nttrans.c(833) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY size=35 smb_com=0xa2 smb_rcls=186 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16130 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 92 got message type 0x0 of len 0x5c Transaction 54 of length 96 size=92 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=16194 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=49 [000] 00 5C 00 5C 00 31 00 30 00 2E 00 33 00 33 00 2E .\.\.1.0 ...3.3.. [010] 00 31 00 2E 00 31 00 37 00 30 00 5C 00 53 00 48 .1...1.7 .0.\.S.H [020] 00 41 00 52 00 45 00 31 00 00 00 3F 3F 3F 3F 3F .A.R.E.1 ...????? [030] 00 . switch message SMBtconX (pid 19651) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [SHARE1] making a connection to 'normal' service share1 Finding user admin Trying _Get_Pwnam(), username as lowercase is admin Get_Pwnam_internals did find user [admin]! user_in_list: checking user admin in list user_in_list: checking user |admin| against |@AllUsers| Unable to get default yp domain Connect path is '/shares/SHARE1' for service [SHARE1] get_share_security: using default secdesc for SHARE1 se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. Initialising default vfs hooks claiming SHARE1 0 cmd=/usr/local/samba/bin/log_connect.sh 'admin' 'mkaplan-win2k' '10.33.1.136' 'SHARE1' get_share_security: using default secdesc for SHARE1 se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 contains 6 SIDs SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 UNIX token of user 1 Primary group is 100 and contains 3 supplementary groups Group[ 0]: 100 Group[ 1]: 100 Group[ 2]: 0 change_to_user uid=(0,1) gid=(0,100) mkaplan-win2k (10.33.1.136) connect to service SHARE1 initially as user admin (uid=1, gid=100) (pid 19651) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=SHARE1 size=54 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16194 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=13 [000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... write_socket(16,58) write_socket(16,58) wrote 58 got smb length of 80 got message type 0x0 of len 0x50 Transaction 55 of length 84 size=80 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=2156 smb_uid=100 smb_mid=16258 smt_wct=15 smb_vwv[ 0]= 12 (0xC) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 12 (0xC) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=15 [000] 1B BC 01 EC 03 00 00 00 00 5C 00 62 00 00 00 ........ .\.b... switch message SMBtrans2 (pid 19651) setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 contains 6 SIDs SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 UNIX token of user 1 Primary group is 100 and contains 3 supplementary groups Group[ 0]: 100 Group[ 1]: 100 Group[ 2]: 0 change_to_user uid=(0,1) gid=(0,100) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] call_trans2qfilepathinfo b level=1004 call=5 total_data=0 dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d SMB_QFBI - create: Wed Sep 3 02:05:05 2003 access: Wed Sep 3 02:06:03 2003 write: Wed Sep 3 02:05:05 2003 change: Wed Sep 3 02:05:05 2003 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 write_socket(16,104) write_socket(16,104) wrote 104 got smb length of 70 got message type 0x0 of len 0x46 Transaction 56 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=2156 smb_uid=100 smb_mid=16322 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 1B BC 01 05 01 ..... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 write_socket(16,80) write_socket(16,80) wrote 80 SMBtrans2 info_level = 261 got smb length of 90 got message type 0x0 of len 0x5a Transaction 57 of length 94 size=90 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16386 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 3584 (0xE00) smb_vwv[ 9]= 1 (0x1) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=7 [000] 00 5C 00 62 00 00 00 .\.b... switch message SMBntcreateX (pid 19651) setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 contains 6 SIDs SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 UNIX token of user 1 Primary group is 100 and contains 3 supplementary groups Group[ 0]: 100 Group[ 1]: 100 Group[ 2]: 0 change_to_user uid=(0,1) gid=(0,100) reply_ntcreateX: flags = 0x10, desired_access = 0x10e0000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: Mapped desired access 0x10e0000, share access 0x3, file attributes 0x0 to open_mode 0x40 unix_convert called on file "\b" unix_clean_name [/b] unix_mode(b) returning 0766 allocated file structure 5681, fnum = 9777 (2 used) open_file_shared: fname = b, share_mode = 40, ofun = 1, mode = 766, oplock request = 0 is_in_path: b is_in_path: no name list. unix_clean_name [b] calling open_file with flags=0x0 flags2=0x0 mode=0766 freed files structure 9777 (1 used) allocated file structure 5682, fnum = 9778 (2 used) open_directory: opening directory b dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d reply_ntcreate_and_X: fnum = 9778, open name = b size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16386 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=12800 (0x3200) smb_vwv[ 3]= 294 (0x126) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=46110 (0xB41E) smb_vwv[ 7]=49098 (0xBFCA) smb_vwv[ 8]=50033 (0xC371) smb_vwv[ 9]=32769 (0x8001) smb_vwv[10]=17975 (0x4637) smb_vwv[11]=49133 (0xBFED) smb_vwv[12]=50033 (0xC371) smb_vwv[13]=32769 (0x8001) smb_vwv[14]=46110 (0xB41E) smb_vwv[15]=49098 (0xBFCA) smb_vwv[16]=50033 (0xC371) smb_vwv[17]=32769 (0x8001) smb_vwv[18]=46110 (0xB41E) smb_vwv[19]=49098 (0xBFCA) smb_vwv[20]=50033 (0xC371) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 256 (0x100) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 41 got message type 0x0 of len 0x29 Transaction 58 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=16450 smt_wct=3 smb_vwv[ 0]= 9778 (0x2632) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 19651) change_to_user: Skipping user change - already user close directory fnum=9778 freed files structure 9778 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=16450 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 86 got message type 0x0 of len 0x56 Transaction 59 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16514 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 6C 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .l...V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 86 got message type 0x0 of len 0x56 Transaction 60 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16578 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 00 6C 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .l...V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 86 got message type 0x0 of len 0x56 Transaction 61 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16642 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 06 4E 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .N...V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 90 got message type 0x0 of len 0x5a Transaction 62 of length 94 size=90 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16706 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=7 [000] 00 5C 00 62 00 00 00 .\.b... switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: Mapped desired access 0x20089, share access 0x3, file attributes 0x80 to open_mode 0x40 unix_convert called on file "\b" unix_clean_name [/b] unix_mode(b) returning 0766 allocated file structure 5683, fnum = 9779 (2 used) open_file_shared: fname = b, share_mode = 40, ofun = 1, mode = 766, oplock request = 3 is_in_path: b is_in_path: no name list. unix_clean_name [b] calling open_file with flags=0x0 flags2=0x0 mode=0766 fd_open: name b, flags = 0400000 mode = 0766, fd = 29. freed files structure 9779 (1 used) allocated file structure 5684, fnum = 9780 (2 used) open_directory: opening directory b dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d reply_ntcreate_and_X: fnum = 9780, open name = b size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16706 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=13312 (0x3400) smb_vwv[ 3]= 294 (0x126) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=46110 (0xB41E) smb_vwv[ 7]=49098 (0xBFCA) smb_vwv[ 8]=50033 (0xC371) smb_vwv[ 9]=32769 (0x8001) smb_vwv[10]=17975 (0x4637) smb_vwv[11]=49133 (0xBFED) smb_vwv[12]=50033 (0xC371) smb_vwv[13]=32769 (0x8001) smb_vwv[14]=46110 (0xB41E) smb_vwv[15]=49098 (0xBFCA) smb_vwv[16]=50033 (0xC371) smb_vwv[17]=32769 (0x8001) smb_vwv[18]=46110 (0xB41E) smb_vwv[19]=49098 (0xBFCA) smb_vwv[20]=50033 (0xC371) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 256 (0x100) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 84 got message type 0x0 of len 0x54 Transaction 63 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16770 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 64 (0x40) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 168 (0xA8) smb_vwv[20]= 9 (0x9) smb_vwv[21]= 9780 (0x2634) smb_vwv[22]= 1 (0x1) smb_bcc=3 [000] 00 77 00 .w. switch message SMBnttrans (pid 19651) change_to_user: Skipping user change - already user reply_nttrans: setup_count = 8 [000] A8 00 09 00 34 26 01 00 ....4&.. call_nt_transact_ioctl: function[0x000900A8] FID[0x2634] isFSctl[0x01] compfilter[0x00] FSCTL_GET_REPARSE_POINT: called on FID[0x2634](but not implemented) error packet at smbd/nttrans.c(104) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 41 got message type 0x0 of len 0x29 Transaction 64 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=16834 smt_wct=3 smb_vwv[ 0]= 9780 (0x2634) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 19651) change_to_user: Skipping user change - already user close directory fnum=9780 freed files structure 9780 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=16834 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 70 got message type 0x0 of len 0x46 Transaction 65 of length 74 size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16898 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [000] 00 00 00 03 01 ..... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 259 sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[2] id[1] ret[-1]. sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[4] id[100] ret[-1]. call_trans2qfsinfo : SMB_QUERY_FS_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=725450752, cUnitAvail=725434368 t2_rep: params_sent_thistime = 0, data_sent_thistime = 24, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 24, paramsize = 0, datasize = 24 write_socket(16,84) write_socket(16,84) wrote 84 SMBtrans2 info_level = 259 got smb length of 86 got message type 0x0 of len 0x56 Transaction 66 of length 90 size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=16962 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [000] 06 4E 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .N...V.. .......\ [010] 00 62 00 00 00 .b... switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b" unix_clean_name [/b] is_in_path: b is_in_path: no name list. unix_clean_name [b] dir=./, mask = b start_dir dir=./ is_in_path: ./ is_in_path: no name list. unix_clean_name [./] is_in_path: .os_private is_in_path: no name list. is_in_path: s is_in_path: no name list. is_in_path: 1 is_in_path: no name list. is_in_path: b is_in_path: no name list. creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = b, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 1 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 2 ms_fnmatch(b,.) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 3 ms_fnmatch(b,.os_private) -> -1 ms_fnmatch(b,_JNVUF~Z) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 4 ms_fnmatch(b,s) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 5 ms_fnmatch(b,1) -> -1 get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 6 dos_mode: ./b is_in_path: ./b is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found ./b fname=b call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 write_socket(16,168) write_socket(16,168) wrote 168 SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 got smb length of 90 got message type 0x0 of len 0x5a Transaction 67 of length 94 size=90 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=17026 smt_wct=15 smb_vwv[ 0]= 22 (0x16) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 22 (0x16) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=25 [000] 06 4E 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .N...V.. .......\ [010] 00 62 00 5C 00 2A 00 00 00 .b.\.*.. . switch message SMBtrans2 (pid 19651) change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 unix_convert called on file "\b\*" unix_clean_name [/b/*] unix_convert begin: name = b/*, dirpath = b, start = * New file * is_in_path: b/* is_in_path: no name list. unix_clean_name [b/*] dir=b, mask = * start_dir dir=b is_in_path: b is_in_path: no name list. unix_clean_name [b] creating new dirptr 256 for path b, expect_close = 1 dptr_num is 256, wcard = *, attr = 22 dirpath= dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 ms_fnmatch(*,.) -> 0 dos_mode: b/. is_in_path: b/. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found b/. fname=. get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 ms_fnmatch(*,.) -> 0 dos_mode: b/.. is_in_path: b/.. is_in_path: no name list. dos_mode returning d get_lanman2_dir_entry found b/.. fname=.. get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 196, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 196, paramsize = 10, datasize = 196 write_socket(16,268) write_socket(16,268) wrote 268 SMBtrans2 mask=* directory=b dirtype=22 numentries=2 got smb length of 88 got message type 0x0 of len 0x58 Transaction 68 of length 92 size=88 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=17090 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=45 [000] 00 5C 00 5C 00 31 00 30 00 2E 00 33 00 33 00 2E .\.\.1.0 ...3.3.. [010] 00 31 00 2E 00 31 00 37 00 30 00 5C 00 49 00 50 .1...1.7 .0.\.I.P [020] 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .C.$...? ????. switch message SMBtconX (pid 19651) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [IPC$] making a connection to 'normal' service ipc$ Finding user admin Trying _Get_Pwnam(), username as lowercase is admin Get_Pwnam_internals did find user [admin]! Connect path is '/tmp' for service [IPC$] get_share_security: using default secdesc for IPC$ se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. Initialising default vfs hooks claiming IPC$ 0 cmd=/usr/local/samba/bin/log_connect.sh 'admin' 'mkaplan-win2k' '10.33.1.136' 'IPC_' get_share_security: using default secdesc for IPC$ se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 se_access_check: access (1) granted. setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 contains 6 SIDs SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 UNIX token of user 1 Primary group is 100 and contains 3 supplementary groups Group[ 0]: 100 Group[ 1]: 100 Group[ 2]: 0 change_to_user uid=(0,1) gid=(0,100) mkaplan-win2k (10.33.1.136) connect to service IPC$ initially as user admin (uid=1, gid=100) (pid 19651) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=IPC$ size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=65279 smb_uid=100 smb_mid=17090 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [000] 49 50 43 00 00 00 00 IPC.... write_socket(16,52) write_socket(16,52) wrote 52 got smb length of 100 got message type 0x0 of len 0x64 Transaction 69 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17154 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . switch message SMBntcreateX (pid 19651) setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 contains 6 SIDs SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 UNIX token of user 1 Primary group is 100 and contains 3 supplementary groups Group[ 0]: 100 Group[ 1]: 100 Group[ 2]: 0 change_to_user uid=(0,1) gid=(0,100) vfs_ChDir to /tmp reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \lsarpc. nt_open_pipe: Known pipe lsarpc opening. Open pipe requested lsarpc (pipes_open=0) Create pipe requested lsarpc init_pipe_handles: created handle list for pipe lsarpc init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc Created internal pipe lsarpc (pipes_open=0) Opened pipe lsarpc with handle 71fb (pipes_open=1) open pipes: name lsarpc pnum=71fb do_ntcreate_pipe_open: open pipe = \lsarpc size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17154 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=64256 (0xFB00) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 70 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17218 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29179 (0x71FB) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [030] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9... .....O.. [040] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fb pipe name lsarpc pnum=71fb (pipes_open=1) Got API command 0x26 on pipe "lsarpc" (pnum 71fb)api_fd_reply: p:0x8361808 max_trans_reply: 1024 write_to_pipe: 71fb name: lsarpc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 844 api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 0010 data : 3919286a 0014 data : b10c 0016 data : 11d0 0018 data : 9b a8 00 c0 4f d9 2e f5 0020 version: 00000000 000024 smb_io_rpc_iface 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 985 check_bind_req for \PIPE\lsarpc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000c 000a str: \PIPE\lsass. 000016 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 71fb name: lsarpc len: 1024 read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17218 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 110 got message type 0x0 of len 0x6e Transaction 71 of length 114 size=110 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17282 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29179 (0x71FB) smb_bcc=43 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 1A 00 00 00 01 00 00 ........ ........ [020] 00 02 00 00 00 00 00 00 00 01 00 ........ ... switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=26 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fb pipe name lsarpc pnum=71fb (pipes_open=1) Got API command 0x26 on pipe "lsarpc" (pnum 71fb)api_fd_reply: p:0x8361808 max_trans_reply: 1024 write_to_pipe: 71fb name: lsarpc open: Yes len: 26 write_to_pipe: data_left = 26 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 10 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001a 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 10 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 10, incoming data = 10 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000002 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\lsarpc api_rpcTNP: lsarpc op 0x0 - unknown 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 23 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000000 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : NT code 0x1c010002 001c reserved: 00000000 free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 10 read_from_pipe: 71fb name: lsarpc len: 1024 read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. copy_trans_params_and_data: params[0..0] data[0..32] size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17282 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 01 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . write_socket(16,92) write_socket(16,92) wrote 92 got smb length of 41 got message type 0x0 of len 0x29 Transaction 72 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=100 smb_mid=17346 smt_wct=3 smb_vwv[ 0]=29179 (0x71FB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 19651) change_to_user: Skipping user change - already user search for pipe pnum=71fb pipe name lsarpc pnum=71fb (pipes_open=1) reply_pipe_close: pnum:71fb close_policy_by_pipe: deleted handle list for pipe lsarpc closed pipe name lsarpc pnum=71fb (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=65279 smb_uid=100 smb_mid=17346 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 73 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17410 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \winreg. nt_open_pipe: Known pipe winreg opening. Open pipe requested winreg (pipes_open=0) Create pipe requested winreg init_pipe_handles: created handle list for pipe winreg init_pipe_handles: pipe_handles ref count = 1 for pipe winreg Created internal pipe winreg (pipes_open=0) Opened pipe winreg with handle 71fc (pipes_open=1) open pipes: name winreg pnum=71fc do_ntcreate_pipe_open: open pipe = \winreg size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17410 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=64512 (0xFC00) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 74 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17474 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29180 (0x71FC) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [030] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. [040] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fc pipe name winreg pnum=71fc (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fc name: winreg open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 844 api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 0010 data : 338cd001 0014 data : 2244 0016 data : 31f1 0018 data : aa aa 90 00 38 00 10 03 0020 version: 00000001 000024 smb_io_rpc_iface 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 985 check_bind_req for \PIPE\winreg 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\winreg. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 71fc name: winreg len: 1024 read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17474 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 \winreg. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 120 got message type 0x0 of len 0x78 Transaction 75 of length 124 size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17538 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29180 (0x71FC) smb_bcc=53 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 E0 F1 7B 27 80 E5 01 ........ ...{'... [030] 00 00 00 00 02 ..... switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=36 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fc pipe name winreg pnum=71fc (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fc name: winreg open: Yes len: 36 write_to_pipe: data_left = 36 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 20 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0024 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 20 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 20, incoming data = 20 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000000c 0004 context_id: 0000 0006 opnum : 0002 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\winreg api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM api_rpc_cmds[3].fn == 0x80f583c 000000 reg_io_q_open_hklm 0000 ptr : 277bf1e0 0004 unknown_0: e580 0006 unknown_1: 0001 0008 access_mask: 02000000 open_registry_key: name = [NULL][HKLM] reghook_cache_find: Searching for keyname [/HKLM] sorted_tree_find: Enter [/HKLM] sorted_tree_find: Exit regdb_fetch_reg_keys: Enter key => [HKLM] regdb_fetch_reg_keys: Exit [1] items Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. open_registry_key: exit 000000 reg_io_r_open_hklm 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000001 0008 data3: 0000 000a data4: 0000 000c data5: 38 4d 55 3f c3 4c 00 00 0014 status: NT_STATUS_OK api_rpcTNP: called winreg successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 20 read_from_pipe: 71fc name: winreg len: 1024 read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17538 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 00 00 00 .....8MU ?.L..... [030] 00 . write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 252 got message type 0x0 of len 0xfc Transaction 76 of length 256 size=252 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17602 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 168 (0xA8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29180 (0x71FC) smb_bcc=185 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 A8 00 00 00 02 00 00 ........ ........ [020] 00 90 00 00 00 00 00 0F 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 60 00 60 .....8MU ?.L..`.` [040] 00 D0 1B 18 75 30 00 00 00 00 00 00 00 30 00 00 ....u0.. .....0.. [050] 00 73 00 79 00 73 00 74 00 65 00 6D 00 5C 00 63 .s.y.s.t .e.m.\.c [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 63 00 6F .u.r.r.e .n.t.c.o [070] 00 6E 00 74 00 72 00 6F 00 6C 00 73 00 65 00 74 .n.t.r.o .l.s.e.t [080] 00 5C 00 63 00 6F 00 6E 00 74 00 72 00 6F 00 6C .\.c.o.n .t.r.o.l [090] 00 5C 00 70 00 72 00 6F 00 64 00 75 00 63 00 74 .\.p.r.o .d.u.c.t [0A0] 00 6F 00 70 00 74 00 69 00 6F 00 6E 00 73 00 00 .o.p.t.i .o.n.s.. [0B0] 00 00 00 00 00 19 00 02 00 ........ . switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=168 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fc pipe name winreg pnum=71fc (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fc name: winreg open: Yes len: 168 write_to_pipe: data_left = 168 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 152 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a8 000a auth_len : 0000 000c call_id : 00000002 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 152 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 152, incoming data = 152 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000090 0004 context_id: 0000 0006 opnum : 000f free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\winreg api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY api_rpc_cmds[1].fn == 0x80f5a28 000000 reg_io_q_entry 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000001 0008 data3: 0000 000a data4: 0000 000c data5: 38 4d 55 3f c3 4c 00 00 000014 smb_io_unihdr 0014 uni_str_len: 0060 0016 uni_max_len: 0060 0018 buffer : 75181bd0 00001c smb_io_unistr2 001c uni_max_len: 00000030 0020 undoc : 00000000 0024 uni_str_len: 00000030 0028 buffer : s.y.s.t.e.m.\.c.u.r.r.e.n.t.c.o.n.t.r.o.l.s.e.t.\.c.o.n.t.r.o.l.\.p.r.o.d.u.c.t.o.p.t.i.o.n.s... 0088 unknown_0 : 00000000 008c access_desired : 00020019 Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. reg_open_entry: Enter open_registry_key: name = [HKLM][system\currentcontrolset\control\productoptions] reghook_cache_find: Searching for keyname [/HKLM/system/currentcontrolset/control/productoptions] sorted_tree_find: Enter [/HKLM/system/currentcontrolset/control/productoptions] sorted_tree_find: Exit regdb_fetch_reg_keys: Enter key => [HKLM\system\currentcontrolset\control\productoptions] regdb_fetch_reg_keys: Exit [0] items Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. open_registry_key: exit reg_open_entry: Exit 000000 reg_io_r_open_entry 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000002 0008 data3: 0000 000a data4: 0000 000c data5: 38 4d 55 3f c3 4c 00 00 0014 status: NT_STATUS_OK api_rpcTNP: called winreg successfully free_pipe_context: destroying talloc pool of size 96 write_to_pipe: data_used = 152 read_from_pipe: 71fc name: winreg len: 1024 read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17602 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 00 00 00 .....8MU ?.L..... [030] 00 . write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 200 got message type 0x0 of len 0xc8 Transaction 77 of length 204 size=200 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17666 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 116 (0x74) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29180 (0x71FC) smb_bcc=133 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 74 00 00 00 03 00 00 ........ .t...... [020] 00 5C 00 00 00 00 00 11 00 00 00 00 00 02 00 00 .\...... ........ [030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 18 00 18 .....8MU ?.L..... [040] 00 B8 1B 18 75 0C 00 00 00 00 00 00 00 0C 00 00 ....u... ........ [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T [060] 00 79 00 70 00 65 00 00 00 0C F2 7B 27 00 00 00 .y.p.e.. ...{'... [070] 00 00 00 00 00 04 F2 7B 27 00 00 00 00 FC F1 7B .......{ '......{ [080] 27 00 00 00 00 '.... switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=116 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fc pipe name winreg pnum=71fc (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fc name: winreg open: Yes len: 116 write_to_pipe: data_left = 116 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 116 fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 100 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000003 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 100, incoming data = 100 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000005c 0004 context_id: 0000 0006 opnum : 0011 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\winreg api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO api_rpc_cmds[8].fn == 0x80f5ad0 000000 reg_io_q_info 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000002 0008 data3: 0000 000a data4: 0000 000c data5: 38 4d 55 3f c3 4c 00 00 000014 smb_io_unihdr 0014 uni_str_len: 0018 0016 uni_max_len: 0018 0018 buffer : 75181bb8 00001c smb_io_unistr2 001c uni_max_len: 0000000c 0020 undoc : 00000000 0024 uni_str_len: 0000000c 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... 0040 ptr_reserved: 277bf20c 0044 ptr_buf: 00000000 0048 unk1: 00000000 004c ptr_buflen: 277bf204 0050 buflen: 00000000 0054 ptr_buflen2: 277bf1fc 0058 buflen2: 00000000 Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. _reg_info: Enter _reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] reg_info: looking up value: [ProductType] _reg_info: Exit 000000 reg_io_r_info 0000 ptr_type: 00000001 0004 type: 00000001 0008 ptr_uni_val: 00000000 000c ptr_max_len: 00000001 0010 buf_max_len: 0000000c 0014 ptr_len: 00000001 0018 buf_len: 0000000c 001c status: NT_STATUS_OK api_rpcTNP: called winreg successfully free_pipe_context: destroying talloc pool of size 536 write_to_pipe: data_used = 100 read_from_pipe: 71fc name: winreg len: 1024 read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0038 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..56] size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17666 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 01 00 00 00 01 00 00 . ...... ........ [020] 00 00 00 00 00 01 00 00 00 0C 00 00 00 01 00 00 ........ ........ [030] 00 0C 00 00 00 00 00 00 00 ........ . write_socket(16,116) write_socket(16,116) wrote 116 got smb length of 212 got message type 0x0 of len 0xd4 Transaction 78 of length 216 size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17730 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29180 (0x71FC) smb_bcc=145 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 80 00 00 00 04 00 00 ........ ........ [020] 00 68 00 00 00 00 00 11 00 00 00 00 00 02 00 00 .h...... ........ [030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 18 00 18 .....8MU ?.L..... [040] 00 B8 1B 18 75 0C 00 00 00 00 00 00 00 0C 00 00 ....u... ........ [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T [060] 00 79 00 70 00 65 00 00 00 0C F2 7B 27 58 D5 0E .y.p.e.. ...{'X.. [070] 00 58 D5 0E 00 0C 00 00 00 00 00 00 00 00 00 00 .X...... ........ [080] 00 04 F2 7B 27 0C 00 00 00 FC F1 7B 27 00 00 00 ...{'... ...{'... [090] 00 . switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=128 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fc pipe name winreg pnum=71fc (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fc name: winreg open: Yes len: 128 write_to_pipe: data_left = 128 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 112 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0080 000a auth_len : 0000 000c call_id : 00000004 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 112 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 112, incoming data = 112 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000068 0004 context_id: 0000 0006 opnum : 0011 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\winreg api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO api_rpc_cmds[8].fn == 0x80f5ad0 000000 reg_io_q_info 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000002 0008 data3: 0000 000a data4: 0000 000c data5: 38 4d 55 3f c3 4c 00 00 000014 smb_io_unihdr 0014 uni_str_len: 0018 0016 uni_max_len: 0018 0018 buffer : 75181bb8 00001c smb_io_unistr2 001c uni_max_len: 0000000c 0020 undoc : 00000000 0024 uni_str_len: 0000000c 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... 0040 ptr_reserved: 277bf20c 0044 ptr_buf: 000ed558 0048 ptr_bufsize: 000ed558 004c bufsize: 0000000c 0050 buf_unk: 00000000 0054 unk1: 00000000 0058 ptr_buflen: 277bf204 005c buflen: 0000000c 0060 ptr_buflen2: 277bf1fc 0064 buflen2: 00000000 Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. _reg_info: Enter _reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] reg_info: looking up value: [ProductType] _reg_info: Exit 000000 reg_io_r_info 0000 ptr_type: 00000001 0004 type: 00000001 0008 ptr_uni_val: 00000001 00000c smb_io_buffer2 uni_val 000c uni_max_len: 0000000c 0010 undoc : 00000000 0014 buf_len : 0000000c 0018 buffer : W.i.n.N.T... 0024 ptr_max_len: 00000001 0028 buf_max_len: 0000000c 002c ptr_len: 00000001 0030 buf_len: 0000000c 0034 status: NT_STATUS_OK api_rpcTNP: called winreg successfully free_pipe_context: destroying talloc pool of size 536 write_to_pipe: data_used = 112 read_from_pipe: 71fc name: winreg len: 1024 read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 56. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0050 000a auth_len : 0000 000c call_id : 00000004 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000038 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..80] size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17730 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [000] 00 05 00 02 03 10 00 00 00 50 00 00 00 04 00 00 ........ .P...... [010] 00 38 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .8...... ........ [020] 00 01 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ [030] 00 57 00 69 00 6E 00 4E 00 54 00 00 00 01 00 00 .W.i.n.N .T...... [040] 00 0C 00 00 00 01 00 00 00 0C 00 00 00 00 00 00 ........ ........ [050] 00 . write_socket(16,140) write_socket(16,140) wrote 140 got smb length of 128 got message type 0x0 of len 0x80 Transaction 79 of length 132 size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17794 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29180 (0x71FC) smb_bcc=61 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 .....8MU ?.L.. switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fc pipe name winreg pnum=71fc (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fc name: winreg open: Yes len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000005 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0005 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\winreg api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE api_rpc_cmds[0].fn == 0x80f579c 000000 reg_io_q_close 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000002 0008 data3: 0000 000a data4: 0000 000c data5: 38 4d 55 3f c3 4c 00 00 Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. Closed policy 000000 reg_io_r_close 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000000 0008 data3: 0000 000a data4: 0000 000c data5: 00 00 00 00 00 00 00 00 0014 status: NT_STATUS_OK api_rpcTNP: called winreg successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 read_from_pipe: 71fc name: winreg len: 1024 read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000005 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17794 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 128 got message type 0x0 of len 0x80 Transaction 80 of length 132 size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17858 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29180 (0x71FC) smb_bcc=61 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 .....8MU ?.L.. switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fc pipe name winreg pnum=71fc (pipes_open=1) Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fc name: winreg open: Yes len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000006 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0005 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\winreg api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE api_rpc_cmds[0].fn == 0x80f579c 000000 reg_io_q_close 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000001 0008 data3: 0000 000a data4: 0000 000c data5: 38 4d 55 3f c3 4c 00 00 Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. Closed policy 000000 reg_io_r_close 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000000 0008 data3: 0000 000a data4: 0000 000c data5: 00 00 00 00 00 00 00 00 0014 status: NT_STATUS_OK api_rpcTNP: called winreg successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 read_from_pipe: 71fc name: winreg len: 1024 read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000006 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17858 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 41 got message type 0x0 of len 0x29 Transaction 81 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=100 smb_mid=17922 smt_wct=3 smb_vwv[ 0]=29180 (0x71FC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 19651) change_to_user: Skipping user change - already user search for pipe pnum=71fc pipe name winreg pnum=71fc (pipes_open=1) reply_pipe_close: pnum:71fc close_policy_by_pipe: deleted handle list for pipe winreg closed pipe name winreg pnum=71fc (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=65279 smb_uid=100 smb_mid=17922 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 100 got message type 0x0 of len 0x64 Transaction 82 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17986 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . switch message SMBntcreateX (pid 19651) change_to_user: Skipping user change - already user reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \lsarpc. nt_open_pipe: Known pipe lsarpc opening. Open pipe requested lsarpc (pipes_open=0) Create pipe requested lsarpc init_pipe_handles: created handle list for pipe lsarpc init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc Created internal pipe lsarpc (pipes_open=0) Opened pipe lsarpc with handle 71fd (pipes_open=1) open pipes: name lsarpc pnum=71fd do_ntcreate_pipe_open: open pipe = \lsarpc size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=17986 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=64768 (0xFD00) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 156 got message type 0x0 of len 0x9c Transaction 83 of length 160 size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=18050 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29181 (0x71FD) smb_bcc=89 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fd pipe name lsarpc pnum=71fd (pipes_open=1) Got API command 0x26 on pipe "lsarpc" (pnum 71fd)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fd name: lsarpc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 844 api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 0010 data : 12345778 0014 data : 1234 0016 data : abcd 0018 data : ef 00 01 23 45 67 89 ab 0020 version: 00000000 000024 smb_io_rpc_iface 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 985 check_bind_req for \PIPE\lsarpc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000c 000a str: \PIPE\lsass. 000016 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 71fd name: lsarpc len: 1024 read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=18050 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... write_socket(16,128) write_socket(16,128) wrote 128 got smb length of 180 got message type 0x0 of len 0xb4 Transaction 84 of length 184 size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=18114 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29181 (0x71FD) smb_bcc=113 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 01 00 00 ........ .`...... [020] 00 48 00 00 00 00 00 2C 00 20 89 07 04 0E 00 00 .H....., . ...... [030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [040] 00 2E 00 33 00 33 00 2E 00 31 00 2E 00 31 00 37 ...3.3.. .1...1.7 [050] 00 30 00 00 00 18 00 00 00 00 00 00 00 00 00 00 .0...... ........ [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [070] 00 . switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=96 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fd pipe name lsarpc pnum=71fd (pipes_open=1) Got API command 0x26 on pipe "lsarpc" (pnum 71fd)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fd name: lsarpc open: Yes len: 96 write_to_pipe: data_left = 96 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 80 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 80 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000048 0004 context_id: 0000 0006 opnum : 002c free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\lsarpc api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 api_rpc_cmds[0].fn == 0x80f1f4c 000000 lsa_io_q_open_pol2 0000 ptr : 04078920 000004 smb_io_unistr2 0004 uni_max_len: 0000000e 0008 undoc : 00000000 000c uni_str_len: 0000000e 0010 buffer : \.\.1.0...3.3...1...1.7.0... 00002c lsa_io_obj_attr 002c len : 00000018 0030 ptr_root_dir: 00000000 0034 ptr_obj_name: 00000000 0038 attributes : 00000000 003c ptr_sec_desc: 00000000 0040 ptr_sec_qos : 00000000 0044 des_access: 00000001 se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 1 se_access_check: access (1) granted. Opened policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. 000000 lsa_io_r_open_pol2 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000003 0008 data3: 0000 000a data4: 0000 000c data5: 38 4d 55 3f c3 4c 00 00 0014 status: NT_STATUS_OK api_rpcTNP: called lsarpc successfully free_pipe_context: destroying talloc pool of size 828 write_to_pipe: data_used = 80 read_from_pipe: 71fd name: lsarpc len: 1024 read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=18114 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [020] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 00 00 00 .....8MU ?.L..... [030] 00 . write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 130 got message type 0x0 of len 0x82 Transaction 85 of length 134 size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=18178 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29181 (0x71FD) smb_bcc=63 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 03 00 00 ........ ........ [030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 03 00 .....8MU ?.L.... switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=46 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fd pipe name lsarpc pnum=71fd (pipes_open=1) Got API command 0x26 on pipe "lsarpc" (pnum 71fd)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fd name: lsarpc open: Yes len: 46 write_to_pipe: data_left = 46 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 30 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000002 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 30 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000016 0004 context_id: 0000 0006 opnum : 0007 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\lsarpc api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY api_rpc_cmds[2].fn == 0x80f2254 000000 lsa_io_q_query 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000003 0008 data3: 0000 000a data4: 0000 000c data5: 38 4d 55 3f c3 4c 00 00 0014 info_class: 0003 Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. 000000 lsa_io_r_query 0000 undoc_buffer: 22000000 0004 info_class: 0003 000008 lsa_io_dom_query 0008 uni_dom_max_len: 0012 000a uni_dom_str_len: 0014 000c buffer_dom_name: 00000001 0010 buffer_dom_sid : 00000001 000014 smb_io_unistr2 unistr2 0014 uni_max_len: 0000000a 0018 undoc : 00000000 001c uni_str_len: 00000009 0020 buffer : N.E.W.C.I.T.R.I.X. 000034 smb_io_dom_sid2 0034 num_auths: 00000004 000038 smb_io_dom_sid sid 0038 sid_rev_num: 01 0039 num_auths : 04 003a id_auth[0] : 00 003b id_auth[1] : 00 003c id_auth[2] : 00 003d id_auth[3] : 00 003e id_auth[4] : 00 003f id_auth[5] : 05 0040 sub_auths : 00000015 2838dd73 95ae0fd8 21e31bc3 0050 status: NT_STATUS_OK api_rpcTNP: called lsarpc successfully free_pipe_context: destroying talloc pool of size 512 write_to_pipe: data_used = 30 read_from_pipe: 71fd name: lsarpc len: 1024 read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..108] size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=18178 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 108 (0x6C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=109 [000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 02 00 00 ........ .l...... [010] 00 54 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .T...... ...."... [020] 00 12 00 14 00 01 00 00 00 01 00 00 00 0A 00 00 ........ ........ [030] 00 00 00 00 00 09 00 00 00 4E 00 45 00 57 00 43 ........ .N.E.W.C [040] 00 49 00 54 00 52 00 49 00 58 00 00 00 04 00 00 .I.T.R.I .X...... [050] 00 01 04 00 00 00 00 00 05 15 00 00 00 73 DD 38 ........ .....s.8 [060] 28 D8 0F AE 95 C3 1B E3 21 00 00 00 00 (....... !.... write_socket(16,168) write_socket(16,168) wrote 168 got smb length of 128 got message type 0x0 of len 0x80 Transaction 86 of length 132 size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=18242 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29181 (0x71FD) smb_bcc=61 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 .....8MU ?.L.. switch message SMBtrans (pid 19651) change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=71fd pipe name lsarpc pnum=71fd (pipes_open=1) Got API command 0x26 on pipe "lsarpc" (pnum 71fd)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 write_to_pipe: 71fd name: lsarpc open: Yes len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000003 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\lsarpc api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE api_rpc_cmds[4].fn == 0x80f2640 000000 lsa_io_q_close 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000003 0008 data3: 0000 000a data4: 0000 000c data5: 38 4d 55 3f c3 4c 00 00 Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? [010] C3 4C 00 00 .L.. Closed policy 000000 lsa_io_r_close 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000000 0008 data3: 0000 000a data4: 0000 000c data5: 00 00 00 00 00 00 00 00 0014 status: NT_STATUS_OK api_rpcTNP: called lsarpc successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 read_from_pipe: 71fd name: lsarpc len: 1024 read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..48] size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=2156 smb_uid=100 smb_mid=18242 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . write_socket(16,108) write_socket(16,108) wrote 108 got smb length of 41 got message type 0x0 of len 0x29 Transaction 87 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=100 smb_mid=18306 smt_wct=3 smb_vwv[ 0]=29181 (0x71FD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 19651) change_to_user: Skipping user change - already user search for pipe pnum=71fd pipe name lsarpc pnum=71fd (pipes_open=1) reply_pipe_close: pnum:71fd close_policy_by_pipe: deleted handle list for pipe lsarpc closed pipe name lsarpc pnum=71fd (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=65279 smb_uid=100 smb_mid=18306 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 got smb length of 90 got message type 0x0 of len 0x5a Transaction 88 of length 94 size=90 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=18370 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=32768 (0x8000) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=7 [000] 00 5C 00 62 00 00 00 .\.b... switch message SMBntcreateX (pid 19651) setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 contains 6 SIDs SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 UNIX token of user 1 Primary group is 100 and contains 3 supplementary groups Group[ 0]: 100 Group[ 1]: 100 Group[ 2]: 0 change_to_user uid=(0,1) gid=(0,100) vfs_ChDir to /shares/SHARE1 reply_ntcreateX: flags = 0x10, desired_access = 0x20080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0 map_create_disposition: Mapped create_disposition 0x1 to 0x1 map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 map_share_mode: Mapped desired access 0x20080, share access 0x7, file attributes 0x0 to open_mode 0x8040 unix_convert called on file "\b" unix_clean_name [/b] unix_mode(b) returning 0766 allocated file structure 5685, fnum = 9781 (2 used) open_file_shared: fname = b, share_mode = 8040, ofun = 1, mode = 766, oplock request = 0 is_in_path: b is_in_path: no name list. unix_clean_name [b] calling open_file with flags=0x0 flags2=0x0 mode=0766 freed files structure 9781 (1 used) allocated file structure 5686, fnum = 9782 (2 used) open_directory: opening directory b dos_mode: b is_in_path: b is_in_path: no name list. dos_mode returning d reply_ntcreate_and_X: fnum = 9782, open name = b size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=18370 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=13824 (0x3600) smb_vwv[ 3]= 294 (0x126) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=46110 (0xB41E) smb_vwv[ 7]=49098 (0xBFCA) smb_vwv[ 8]=50033 (0xC371) smb_vwv[ 9]= 1 (0x1) smb_vwv[10]=12991 (0x32BF) smb_vwv[11]=49235 (0xC053) smb_vwv[12]=50033 (0xC371) smb_vwv[13]=32769 (0x8001) smb_vwv[14]=46110 (0xB41E) smb_vwv[15]=49098 (0xBFCA) smb_vwv[16]=50033 (0xC371) smb_vwv[17]=32769 (0x8001) smb_vwv[18]=46110 (0xB41E) smb_vwv[19]=49098 (0xBFCA) smb_vwv[20]=50033 (0xC371) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 256 (0x100) smb_bcc=0 write_socket(16,107) write_socket(16,107) wrote 107 got smb length of 84 got message type 0x0 of len 0x54 Transaction 89 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=18434 smt_wct=19 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2048 (0x800) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2048 (0x800) smb_vwv[10]= 0 (0x0) smb_vwv[11]=19456 (0x4C00) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 6 (0x6) smb_bcc=11 [000] 00 50 00 36 26 00 00 04 00 00 00 .P.6&... ... switch message SMBnttrans (pid 19651) change_to_user: Skipping user change - already user reply_nttrans: parameter_count = 8 [000] 36 26 00 00 04 00 00 00 6&...... call_nt_transact_query_security_desc: file = b get_nt_acl: called for file b get_nt_acl : file ACL present, directory ACL present load_inherited_info: ret = -1 for file b Err No data available local_uid_to_sid: host has know idea of uid 18000 uid_to_sid: local 18000 failed to map to sid fetch sid from gid cache 100 -> S-1-5-21-1250349775-4091538868-537732204-1201 push_sec_ctx(1, 100) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups getsampwnam (smbpasswd): search by name: admin startsmbfilepwent_internal: opening file /etc/private/smbpasswd getsmbfilepwent: returning passwd entry for user guest, uid 4 getsmbfilepwent: returning passwd entry for user admin, uid 1 endsmbfilepwent_internal: closed password file. getsampwnam (smbpasswd): found by name: admin pdb_set_username: setting username admin, was element 11 -> now SET pdb_set_full_name: setting full name admin, was element 12 -> now SET pdb_set_unix_homedir: setting home dir /local_user_, was NULL element 21 -> now SET pdb_set_domain: setting domain MKAP-TYPHOON, was pdb_set_user_sid: setting user sid S-1-5-21-1250349775-4091538868-537732204-1002 element 17 -> now SET pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1250349775-4091538868-537732204-1002 from rid 1002 pdb_set_group_sid: setting group sid S-1-5-21-1250349775-4091538868-537732204-1201 element 18 -> now SET Home server: mkap-typhoon pdb_set_profile_path: setting profile path \\mkap-typhoon\admin\profile, was Home server: mkap-typhoon pdb_set_homedir: setting home dir \\mkap-typhoon\admin, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was element 31 -> now SET element 30 -> now SET element 19 -> now SET element 20 -> now SET element 8 -> now SET pop_sec_ctx (1, 100) - sec_ctx_stack_ndx = 0 local_uid_to_sid: uid (1) -> SID S-1-5-21-1250349775-4091538868-537732204-1002 (admin). uid_to_sid: local 1 -> S-1-5-21-1250349775-4091538868-537732204-1002 fetch sid from gid cache 0 -> S-1-5-21-1250349775-4091538868-537732204-1001 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo (inherited) canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo (inherited) canon_ace index 2. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1201 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo (inherited) canon_ace index 4. Type = allow SID = S-0-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo (inherited) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-0-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo (inherited) canon_ace index 2. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1201 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo (inherited) canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo (inherited) fetch sid from uid cache 1 -> S-1-5-21-1250349775-4091538868-537732204-1002 fetch sid from gid cache 0 -> S-1-5-21-1250349775-4091538868-537732204-1001 canonicalise_acl: Default ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo (inherited) canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo (inherited) canon_ace index 2. Type = allow SID = S-1-3-1 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo (inherited) canon_ace index 4. Type = allow SID = S-1-3-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo (inherited) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-3-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo (inherited) canon_ace index 2. Type = allow SID = S-1-3-1 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo (inherited) canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo (inherited) map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff merge_default_aces: Merging ACE 6 onto ACE 1. merge_default_aces: Merging ACE 7 onto ACE 3. merge_default_aces: Merging ACE 7 onto ACE 4. call_nt_transact_query_security_desc: sd_size = 212. error string = No data available error packet at smbd/nttrans.c(104) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL nt_rep: params_sent_thistime = 4, data_sent_thistime = 0, useable_space = 131030 nt_rep: params_to_send = 4, data_to_send = 0, paramsize = 4, datasize = 0 write_socket(16,82) write_socket(16,82) wrote 82 got smb length of 84 got message type 0x0 of len 0x54 Transaction 90 of length 88 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2156 smb_uid=100 smb_mid=18498 smt_wct=19 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2048 (0x800) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=54272 (0xD400) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2048 (0x800) smb_vwv[10]= 0 (0x0) smb_vwv[11]=19456 (0x4C00) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 6 (0x6) smb_bcc=11 [000] 00 50 00 36 26 00 00 04 00 00 00 .P.6&... ... switch message SMBnttrans (pid 19651) change_to_user: Skipping user change - already user reply_nttrans: parameter_count = 8 [000] 36 26 00 00 04 00 00 00 6&...... call_nt_transact_query_security_desc: file = b get_nt_acl: called for file b get_nt_acl : file ACL present, directory ACL present load_inherited_info: ret = -1 for file b Err No data available local_uid_to_sid: host has know idea of uid 18000 uid_to_sid: local 18000 failed to map to sid fetch sid from gid cache 100 -> S-1-5-21-1250349775-4091538868-537732204-1201 fetch sid from uid cache 1 -> S-1-5-21-1250349775-4091538868-537732204-1002 fetch sid from gid cache 0 -> S-1-5-21-1250349775-4091538868-537732204-1001 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo (inherited) canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo (inherited) canon_ace index 2. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1201 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo (inherited) canon_ace index 4. Type = allow SID = S-0-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo (inherited) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-0-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo (inherited) canon_ace index 2. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1201 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo (inherited) canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo (inherited) fetch sid from uid cache 1 -> S-1-5-21-1250349775-4091538868-537732204-1002 fetch sid from gid cache 0 -> S-1-5-21-1250349775-4091538868-537732204-1001 canonicalise_acl: Default ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo (inherited) canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo (inherited) canon_ace index 2. Type = allow SID = S-1-3-1 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo (inherited) canon_ace index 4. Type = allow SID = S-1-3-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo (inherited) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-3-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo (inherited) canon_ace index 2. Type = allow SID = S-1-3-1 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo (inherited) canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo (inherited) canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo (inherited) map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff merge_default_aces: Merging ACE 6 onto ACE 1. merge_default_aces: Merging ACE 7 onto ACE 3. merge_default_aces: Merging ACE 7 onto ACE 4. call_nt_transact_query_security_desc: sd_size = 212. 000000 sec_io_desc sd data 0000 revision : 0001 0002 type : 8404 0004 off_owner_sid: 00000000 0008 off_grp_sid : 00000000 000c off_sacl : 00000000 0010 off_dacl : 00000014 000014 sec_io_acl dacl 0014 revision: 0003 0018 num_aces : 00000007 00001c sec_io_ace ace_list[00]: 001c type : 00 001d flags: 13 000020 sec_io_access info 0020 mask: 001f01ff 000024 smb_io_dom_sid trustee 0024 sid_rev_num: 01 0025 num_auths : 05 0026 id_auth[0] : 00 0027 id_auth[1] : 00 0028 id_auth[2] : 00 0029 id_auth[3] : 00 002a id_auth[4] : 00 002b id_auth[5] : 05 002c sub_auths : 00000015 4a86d2cf f3dfedb4 200d246c 000003e9 001e size : 0024 000040 sec_io_ace ace_list[01]: 0040 type : 00 0041 flags: 13 000044 sec_io_access info 0044 mask: 001f01ff 000048 smb_io_dom_sid trustee 0048 sid_rev_num: 01 0049 num_auths : 05 004a id_auth[0] : 00 004b id_auth[1] : 00 004c id_auth[2] : 00 004d id_auth[3] : 00 004e id_auth[4] : 00 004f id_auth[5] : 05 0050 sub_auths : 00000015 4a86d2cf f3dfedb4 200d246c 000003ea 0042 size : 0024 000064 sec_io_ace ace_list[02]: 0064 type : 00 0065 flags: 13 000068 sec_io_access info 0068 mask: 001f01ff 00006c smb_io_dom_sid trustee 006c sid_rev_num: 01 006d num_auths : 01 006e id_auth[0] : 00 006f id_auth[1] : 00 0070 id_auth[2] : 00 0071 id_auth[3] : 00 0072 id_auth[4] : 00 0073 id_auth[5] : 01 0074 sub_auths : 00000000 0066 size : 0014 000078 sec_io_ace ace_list[03]: 0078 type : 00 0079 flags: 10 00007c sec_io_access info 007c mask: 001f01ff 000080 smb_io_dom_sid trustee 0080 sid_rev_num: 00 0081 num_auths : 00 0082 id_auth[0] : 00 0083 id_auth[1] : 00 0084 id_auth[2] : 00 0085 id_auth[3] : 00 0086 id_auth[4] : 00 0087 id_auth[5] : 00 0088 sub_auths : 007a size : 0010 000088 sec_io_ace ace_list[04]: 0088 type : 00 0089 flags: 10 00008c sec_io_access info 008c mask: 001f01ff 000090 smb_io_dom_sid trustee 0090 sid_rev_num: 01 0091 num_auths : 05 0092 id_auth[0] : 00 0093 id_auth[1] : 00 0094 id_auth[2] : 00 0095 id_auth[3] : 00 0096 id_auth[4] : 00 0097 id_auth[5] : 05 0098 sub_auths : 00000015 4a86d2cf f3dfedb4 200d246c 000004b1 008a size : 0024 0000ac sec_io_ace ace_list[05]: 00ac type : 00 00ad flags: 1b 0000b0 sec_io_access info 00b0 mask: 001f01ff 0000b4 smb_io_dom_sid trustee 00b4 sid_rev_num: 01 00b5 num_auths : 01 00b6 id_auth[0] : 00 00b7 id_auth[1] : 00 00b8 id_auth[2] : 00 00b9 id_auth[3] : 00 00ba id_auth[4] : 00 00bb id_auth[5] : 03 00bc sub_auths : 00000000 00ae size : 0014 0000c0 sec_io_ace ace_list[06]: 00c0 type : 00 00c1 flags: 1b 0000c4 sec_io_access info 00c4 mask: 001f01ff 0000c8 smb_io_dom_sid trustee 00c8 sid_rev_num: 01 00c9 num_auths : 01 00ca id_auth[0] : 00 00cb id_auth[1] : 00 00cc id_auth[2] : 00 00cd id_auth[3] : 00 00ce id_auth[4] : 00 00cf id_auth[5] : 03 00d0 sub_auths : 00000001 00c2 size : 0014 0016 size : 00c0 nt_rep: params_sent_thistime = 4, data_sent_thistime = 212, useable_space = 130994 nt_rep: params_to_send = 4, data_to_send = 212, paramsize = 4, datasize = 212 write_socket(16,294) write_socket(16,294) wrote 294 got smb length of 41 got message type 0x0 of len 0x29 Transaction 91 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=18562 smt_wct=3 smb_vwv[ 0]= 9782 (0x2636) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 19651) change_to_user: Skipping user change - already user close directory fnum=9782 freed files structure 9782 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=18562 smt_wct=0 smb_bcc=0 write_socket(16,39) write_socket(16,39) wrote 39 async_processing: Doing async processing. receive_local_message: doing select with timeout of 1 ms setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Closing connections setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) mkaplan-win2k (10.33.1.136) closed connection to service IPC$ Yielding connection to IPC$ setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) vfs_ChDir to / setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) mkaplan-win2k (10.33.1.136) closed connection to service SHARE1 Yielding connection to SHARE1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) mkaplan-win2k (10.33.1.136) closed connection to service SHARE1 Yielding connection to SHARE1 kernel_remove_notify: fd=28 kernel_remove_notify: fd=27 freed files structure 9765 (0 used) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) attempting to free (and zero) a server_info structure Yielding connection to receive_local_message: doing select with timeout of 1 ms Server exit (Caught TERM signal)