The Samba-Bugzilla – Attachment 148 Details for
Bug 470
Cannot view the Security Properties (ACLs, ownership, etc) on files/directories that are owned by UIDs/GIDs that aren't in /etc/paswd and aren't in the idmap range
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
log.smbd of this failing
smbd.security-view.outfile.log.smbd (text/plain), 260.77 KB, created by
Marc Kaplan
on 2003-09-17 17:06:08 UTC
(
hide
)
Description:
log.smbd of this failing
Filename:
MIME Type:
Creator:
Marc Kaplan
Created:
2003-09-17 17:06:08 UTC
Size:
260.77 KB
patch
obsolete
>get_current_groups: user is in 3 groups: 0, 1, 3 >smbd version Samba for GuardianOS v2.6.013.200308291451 started. >Copyright Andrew Tridgell and the Samba Team 1992-2003 >uid=0 gid=0 euid=0 egid=0 >Build environment: > Built by: root@BuildSys > Built on: Fri Aug 29 15:04:06 PDT 2003 > Built using: gcc > Build host: Linux BuildSys 2.4.18-3smp #1 SMP Thu Apr 18 06:59:55 EDT 2002 i686 athlon i386 GNU/Linux > SRCDIR: /trinity/samba/samba/source > BUILDDIR: /trinity/samba/samba/source > >Paths: > SBINDIR: /bin > BINDIR: /bin > SWATDIR: /usr/swat > CONFIGFILE: /etc/smb.conf > LOGFILEBASE: /var/log/samba > LMHOSTSFILE: /etc/lmhosts > LIBDIR: /etc > SHLIBEXT: so > LOCKDIR: /var/lock/samba > PIDDIR: /var/log/samba/locks > SMB_PASSWD_FILE: /etc/private/smbpasswd > PRIVATE_DIR: /etc/private > > System Headers: > HAVE_SYS_ACL_H > HAVE_SYS_CDEFS_H > HAVE_SYS_FCNTL_H > HAVE_SYS_IOCTL_H > HAVE_SYS_IPC_H > HAVE_SYS_MMAN_H > HAVE_SYS_MOUNT_H > HAVE_SYS_PARAM_H > HAVE_SYS_QUOTA_H > HAVE_SYS_RESOURCE_H > HAVE_SYS_SELECT_H > HAVE_SYS_SHM_H > HAVE_SYS_SOCKET_H > HAVE_SYS_STATFS_H > HAVE_SYS_STATVFS_H > HAVE_SYS_STAT_H > HAVE_SYS_SYSCALL_H > HAVE_SYS_SYSLOG_H > HAVE_SYS_TIME_H > HAVE_SYS_TYPES_H > HAVE_SYS_UNISTD_H > HAVE_SYS_VFS_H > HAVE_SYS_WAIT_H > > Headers: > HAVE_ARPA_INET_H > HAVE_ASM_TYPES_H > HAVE_ATTR_XATTR_H > HAVE_COM_ERR_H > HAVE_CTYPE_H > HAVE_DIRENT_H > HAVE_DLFCN_H > HAVE_FCNTL_H > HAVE_GLOB_H > HAVE_GRP_H > HAVE_GSSAPI_GSSAPI_GENERIC_H > HAVE_GSSAPI_GSSAPI_H > HAVE_INTTYPES_H > HAVE_KRB5_H > HAVE_LANGINFO_H > HAVE_LASTLOG_H > HAVE_LBER_H > HAVE_LDAP_H > HAVE_LIMITS_H > HAVE_LINUX_DQBLK_XFS_H > HAVE_LINUX_QUOTA_H > HAVE_LINUX_XQM_H > HAVE_LOCALE_H > HAVE_MEMORY_H > HAVE_MNTENT_H > HAVE_NETINET_IN_SYSTM_H > HAVE_NETINET_IP_H > HAVE_NETINET_TCP_H > HAVE_NET_IF_H > HAVE_NSS_H > HAVE_POLL_H > HAVE_READLINE_HISTORY_H > HAVE_READLINE_READLINE_H > HAVE_RPCSVC_NIS_H > HAVE_RPCSVC_YPCLNT_H > HAVE_RPCSVC_YP_PROT_H > HAVE_RPC_RPC_H > HAVE_SECURITY_PAM_APPL_H > HAVE_SECURITY_PAM_MODULES_H > HAVE_SECURITY__PAM_MACROS_H > HAVE_SHADOW_H > HAVE_STDARG_H > HAVE_STDINT_H > HAVE_STDLIB_H > HAVE_STRINGS_H > HAVE_STRING_H > HAVE_STROPTS_H > HAVE_SYSCALL_H > HAVE_SYSLOG_H > HAVE_TERMIOS_H > HAVE_TERMIO_H > HAVE_UNISTD_H > HAVE_UTIME_H > > UTMP Options: > HAVE_GETUTMPX > HAVE_UTMPX_H > HAVE_UTMP_H > HAVE_UT_UT_ADDR > HAVE_UT_UT_EXIT > HAVE_UT_UT_HOST > HAVE_UT_UT_ID > HAVE_UT_UT_NAME > HAVE_UT_UT_PID > HAVE_UT_UT_TIME > HAVE_UT_UT_TV > HAVE_UT_UT_TYPE > HAVE_UT_UT_USER > PUTUTLINE_RETURNS_UTMP > WITH_UTMP > > HAVE_* Defines: > HAVE_ADDRTYPE_IN_KRB5_ADDRESS > HAVE_ASPRINTF > HAVE_ASPRINTF_DECL > HAVE_ATEXIT > HAVE_BACKTRACE_SYMBOLS > HAVE_BER_SCANF > HAVE_BZERO > HAVE_C99_VSNPRINTF > HAVE_CHMOD > HAVE_CHOWN > HAVE_CHROOT > HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS > HAVE_CONNECT > HAVE_CREAT64 > HAVE_CRYPT > HAVE_DEVICE_MAJOR_FN > HAVE_DEVICE_MINOR_FN > HAVE_DIRENT_D_OFF > HAVE_DLCLOSE > HAVE_DLERROR > HAVE_DLOPEN > HAVE_DLSYM > HAVE_DUP2 > HAVE_ENDMNTENT > HAVE_ENDNETGRENT > HAVE_ERRNO_DECL > HAVE_EXECL > HAVE_EXPLICIT_LARGEFILE_SUPPORT > HAVE_FCHMOD > HAVE_FCHOWN > HAVE_FCNTL_LOCK > HAVE_FCVT > HAVE_FGETXATTR > HAVE_FLISTXATTR > HAVE_FOPEN64 > HAVE_FREMOVEXATTR > HAVE_FSEEKO64 > HAVE_FSETXATTR > HAVE_FSTAT > HAVE_FSTAT64 > HAVE_FSYNC > HAVE_FTELLO64 > HAVE_FTRUNCATE > HAVE_FTRUNCATE64 > HAVE_FTRUNCATE_EXTEND > HAVE_FUNCTION_MACRO > HAVE_GETCWD > HAVE_GETDIRENTRIES > HAVE_GETGRENT > HAVE_GETGRNAM > HAVE_GETMNTENT > HAVE_GETNETGRENT > HAVE_GETRLIMIT > HAVE_GETSPNAM > HAVE_GETTIMEOFDAY_TZ > HAVE_GETXATTR > HAVE_GLOB > HAVE_GRANTPT > HAVE_GSSAPI > HAVE_GSS_DISPLAY_STATUS > HAVE_ICONV > HAVE_IFACE_IFCONF > HAVE_IMMEDIATE_STRUCTURES > HAVE_INITGROUPS > HAVE_INNETGR > HAVE_KERNEL_CHANGE_NOTIFY > HAVE_KERNEL_OPLOCKS_LINUX > HAVE_KERNEL_SHARE_MODES > HAVE_KRB5 > HAVE_KRB5_AUTH_CON_SETUSERUSERKEY > HAVE_KRB5_ENCRYPT_DATA > HAVE_KRB5_FREE_KTYPES > HAVE_KRB5_GET_PERMITTED_ENCTYPES > HAVE_KRB5_LOCATE_KDC > HAVE_KRB5_MK_REQ_EXTENDED > HAVE_KRB5_PRINCIPAL2SALT > HAVE_KRB5_PRINC_COMPONENT > HAVE_KRB5_SET_DEFAULT_TGS_KTYPES > HAVE_KRB5_SET_REAL_TIME > HAVE_KRB5_STRING_TO_KEY > HAVE_KRB5_TKT_ENC_PART2 > HAVE_KRB5_USE_ENCTYPE > HAVE_LDAP > HAVE_LDAP_DOMAIN2HOSTLIST > HAVE_LDAP_INIT > HAVE_LDAP_INITIALIZE > HAVE_LDAP_SET_REBIND_PROC > HAVE_LGETXATTR > HAVE_LIBCOM_ERR > HAVE_LIBGSSAPI_KRB5 > HAVE_LIBK5CRYPTO > HAVE_LIBKRB5 > HAVE_LIBLBER > HAVE_LIBLDAP > HAVE_LIBPAM > HAVE_LIBREADLINE > HAVE_LIBRESOLV > HAVE_LINK > HAVE_LISTXATTR > HAVE_LLISTXATTR > HAVE_LLSEEK > HAVE_LONGLONG > HAVE_LREMOVEXATTR > HAVE_LSEEK64 > HAVE_LSETXATTR > HAVE_LSTAT64 > HAVE_MEMMOVE > HAVE_MEMSET > HAVE_MKNOD > HAVE_MKTIME > HAVE_MMAP > HAVE_NATIVE_ICONV > HAVE_NL_LANGINFO > HAVE_OPEN64 > HAVE_PATHCONF > HAVE_PIPE > HAVE_POLL > HAVE_POSIX_ACLS > HAVE_PREAD > HAVE_PREAD64 > HAVE_PUTUTLINE > HAVE_PUTUTXLINE > HAVE_PWRITE > HAVE_PWRITE64 > HAVE_QUOTACTL_4A > HAVE_RAND > HAVE_RANDOM > HAVE_READDIR64 > HAVE_READLINK > HAVE_REALPATH > HAVE_REMOVEXATTR > HAVE_RENAME > HAVE_ROOT > HAVE_SECURE_MKSTEMP > HAVE_SELECT > HAVE_SETBUFFER > HAVE_SETENV > HAVE_SETGROUPS > HAVE_SETLINEBUF > HAVE_SETLOCALE > HAVE_SETMNTENT > HAVE_SETNETGRENT > HAVE_SETPGID > HAVE_SETRESGID > HAVE_SETRESUID > HAVE_SETSID > HAVE_SETXATTR > HAVE_SHMGET > HAVE_SIGACTION > HAVE_SIGBLOCK > HAVE_SIGPROCMASK > HAVE_SIGSET > HAVE_SIG_ATOMIC_T_TYPE > HAVE_SNPRINTF > HAVE_SNPRINTF_DECL > HAVE_SOCKLEN_T_TYPE > HAVE_SRAND > HAVE_SRANDOM > HAVE_STAT64 > HAVE_STAT_ST_BLKSIZE > HAVE_STAT_ST_BLOCKS > HAVE_STRCASECMP > HAVE_STRCHR > HAVE_STRDUP > HAVE_STRERROR > HAVE_STRFTIME > HAVE_STRNDUP > HAVE_STRNLEN > HAVE_STRPBRK > HAVE_STRTOUL > HAVE_STRUCT_DIRENT64 > HAVE_STRUCT_FLOCK64 > HAVE_STRUCT_IF_DQBLK > HAVE_STRUCT_STAT_ST_RDEV > HAVE_ST_RDEV > HAVE_SYMLINK > HAVE_SYSCALL > HAVE_SYSCONF > HAVE_SYSLOG > HAVE_SYS_QUOTAS > HAVE_TIMEGM > HAVE_UNIXSOCKET > HAVE_UPDWTMP > HAVE_UPDWTMPX > HAVE_USLEEP > HAVE_UTIMBUF > HAVE_UTIME > HAVE_UTIMES > HAVE_VASPRINTF > HAVE_VASPRINTF_DECL > HAVE_VA_COPY > HAVE_VOLATILE > HAVE_VSNPRINTF > HAVE_VSNPRINTF_DECL > HAVE_VSYSLOG > HAVE_WAITPID > HAVE_XFS_EXT_ACLS > HAVE_YP_GET_DEFAULT_DOMAIN > HAVE__ET_LIST > HAVE___CLOSE > HAVE___DUP2 > HAVE___FCNTL > HAVE___FORK > HAVE___FSTAT > HAVE___FXSTAT > HAVE___LSEEK > HAVE___LSTAT > HAVE___LXSTAT > HAVE___OPEN > HAVE___OPEN64 > HAVE___PREAD64 > HAVE___PWRITE64 > HAVE___READ > HAVE___STAT > HAVE___WRITE > HAVE___XSTAT > > --with Options: > WITH_ADS > WITH_PAM > WITH_QUOTAS > WITH_UTMP > WITH_WINBIND > > Build Options: > COMPILER_SUPPORTS_LL > DEFAULT_DISPLAY_CHARSET > DEFAULT_DOS_CHARSET > DEFAULT_UNIX_CHARSET > LDAP_SET_REBIND_PROC_ARGS > LINUX > PACKAGE_BUGREPORT > PACKAGE_NAME > PACKAGE_STRING > PACKAGE_TARNAME > PACKAGE_VERSION > REPLACE_GETPASS > RETSIGTYPE > SEEKDIR_RETURNS_VOID > SIZEOF_INO_T > SIZEOF_INT > SIZEOF_LONG > SIZEOF_OFF_T > SIZEOF_SHORT > STAT_STATVFS64 > STAT_ST_BLOCKSIZE > STDC_HEADERS > STRING_STATIC_MODULES > SYSCONF_SC_NGROUPS_MAX > TIME_WITH_SYS_TIME > USE_SETRESUID > WITH_ADS > WITH_PAM > WITH_QUOTAS > WITH_WINBIND > _FILE_OFFSET_BITS > _GNU_SOURCE > _LARGEFILE64_SOURCE > _POSIX_C_SOURCE > _POSIX_SOURCE > offset_t > static_init_auth > static_init_charset > static_init_idmap > static_init_pdb > static_init_rpc > static_init_vfs > vfs_audit_init > vfs_default_quota_init > vfs_extd_audit_init > vfs_fake_perms_init > vfs_netatalk_init > vfs_readonly_init > vfs_recycle_init > >Type sizes: > sizeof(char): 1 > sizeof(int): 4 > sizeof(long): 4 > sizeof(uint8): 1 > sizeof(uint16): 2 > sizeof(uint32): 4 > sizeof(short): 2 > sizeof(void*): 4 > >Builtin modules: > pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_guest rpc_lsa rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_samr idmap_ldap idmap_tdb auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin >lp_load: refreshing parameters >Initialising global parameters >params.c:pm_process() - Processing configuration file "/etc/smb.conf" >Processing section "[global]" >doing parameter workgroup = NEWCITRIX >doing parameter server string = Snap Server 4500 >doing parameter timestamp logs = yes >doing parameter dos filetimes = yes >doing parameter dos filemode = yes >doing parameter inherit acls = yes >doing parameter name cache timeout = 0 >doing parameter winbind uid = 20000-600000 >doing parameter winbind gid = 20000-600000 >doing parameter guest account = guest >doing parameter map to guest = Never >doing parameter unix charset = CP1252 >doing parameter dos charset = CP850 >doing parameter security = ADS >doing parameter realm = NEWCITRIX.VALHALLA >doing parameter password server = NEWCITRIX.VALHALLA >doing parameter disable netbios = No >doing parameter encrypt passwords = Yes >doing parameter username level = 5 >doing parameter debug level = 0 >doing parameter include = /etc/smb.conf.perm >params.c:pm_process() - Processing configuration file "/etc/smb.conf.perm" >doing parameter panic action = /usr/bin/backtrace %d > /tmp/segv_samba_%d.out 2>&1 >doing parameter root preexec = /usr/local/samba/bin/log_connect.sh '%u' '%m' '%I' '%S' >doing parameter root postexec = /usr/local/samba/bin/log_disconnect.sh '%u' '%m' '%I' '%S' >doing parameter wins server = eth0:10.33.0.100 eth0:10.33.32.24 >doing parameter username level = 0 >doing parameter realm = NEWCITRIX.VALHALLA >doing parameter include = /etc/smb.conf.extra >Can't find include file /etc/smb.conf.extra >doing parameter include = /etc/smb_shares.conf >params.c:pm_process() - Processing configuration file "/etc/smb_shares.conf" >Processing section "[SHARE1]" >doing parameter path = /shares/SHARE1 >doing parameter read only = no >doing parameter comment = >doing parameter follow symlinks = no >doing parameter printable = no >doing parameter browseable = yes >doing parameter map acl inherit = yes >doing parameter create mask = 0777 >doing parameter security mask = 0777 >doing parameter directory mask = 0777 >doing parameter directory security mask = 0777 >doing parameter create mask_ext = 0777 >doing parameter directory mask_ext = 0777 >doing parameter guest ok = No >doing parameter write list = @"AllUsers" >pm_process() returned Yes >lp_servicenumber: couldn't find homes >adding IPC service >adding IPC service >set_server_role: role = ROLE_DOMAIN_MEMBER >Substituting charset 'ANSI_X3.4-1968' for LOCALE >Substituting charset 'ANSI_X3.4-1968' for LOCALE >Substituting charset 'ANSI_X3.4-1968' for LOCALE >Substituting charset 'ANSI_X3.4-1968' for LOCALE >Substituting charset 'ANSI_X3.4-1968' for LOCALE >Substituting charset 'ANSI_X3.4-1968' for LOCALE >Substituting charset 'ANSI_X3.4-1968' for LOCALE >Substituting charset 'ANSI_X3.4-1968' for LOCALE >Substituting charset 'ANSI_X3.4-1968' for LOCALE >Substituting charset 'ANSI_X3.4-1968' for LOCALE >Failed to load /etc/valid.dat - No such file or directory >creating default valid table >lp_servicenumber: couldn't find printers >lp_servicenumber: couldn't find printers >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Sep 3 02:05:17 2003 > >file /etc/smb.conf.extra -> /etc/smb.conf.extra last mod_time: Wed Dec 31 23:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Tue Sep 2 19:27:08 2003 > >file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Sep 2 19:27:07 2003 > >added interface ip=10.33.1.170 bcast=10.33.31.255 nmask=255.255.224.0 >Hash size = 521. >Netbios name list:- >my_netbios_names[0]="MKAP-TYPHOON" >loaded services >fcntl_lock 6 13 0 1 1 >fcntl_lock: Lock call successful >Registered MSG_REQ_POOL_USAGE >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >update_c_setprinter: c_setprinter = 0 >claiming 0 >bind succeeded on port 445 >socket option SO_KEEPALIVE = 1 >socket option SO_REUSEADDR = 1 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 0 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >socket option SO_KEEPALIVE = 1 >socket option SO_REUSEADDR = 1 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 1 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >bind succeeded on port 139 >socket option SO_KEEPALIVE = 1 >socket option SO_REUSEADDR = 1 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 0 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >socket option SO_KEEPALIVE = 1 >socket option SO_REUSEADDR = 1 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 1 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >waiting for a connection >namecache_enable: disabling netbios name cache >reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] >sorted_tree_add: Enter >sorted_tree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree >sorted_tree_add: Exit >Trying to load: smbpasswd >Attempting to register passdb backend ldapsam >Successfully added passdb backend 'ldapsam' >Attempting to register passdb backend ldapsam_compat >Successfully added passdb backend 'ldapsam_compat' >Attempting to register passdb backend smbpasswd >Successfully added passdb backend 'smbpasswd' >Attempting to register passdb backend tdbsam >Successfully added passdb backend 'tdbsam' >Attempting to register passdb backend guest >Successfully added passdb backend 'guest' >Attempting to find an passdb backend to match smbpasswd (smbpasswd) >Found pdb backend smbpasswd >pdb backend smbpasswd has a valid init >Attempting to find an passdb backend to match guest (guest) >Found pdb backend guest >pdb backend guest has a valid init >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Sep 3 02:05:17 2003 > >file /etc/smb.conf.extra -> /etc/smb.conf.extra last mod_time: Wed Dec 31 23:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Tue Sep 2 19:27:08 2003 > >file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Sep 2 19:27:07 2003 > >open_oplock_ipc: opening loopback UDP socket. >bind succeeded on port 0 >Linux kernel oplocks enabled >open_oplock ipc: pid = 19651, global_oplock_port = 16391 >Serverzone is 0 >got smb length of 133 >got message type 0x0 of len 0x85 >Transaction 0 of length 137 >size=133 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51283 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=0 >smt_wct=0 >smb_bcc=98 >[000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG >[010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 >[020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for >[030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. >[040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM >[050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 >[060] 32 00 2. >switch message SMBnegprot (pid 19651) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Requested protocol [PC NETWORK PROGRAM 1.0] >Requested protocol [LANMAN1.0] >Requested protocol [Windows for Workgroups 3.1a] >Requested protocol [LM1.2X002] >Requested protocol [LANMAN2.1] >Requested protocol [NT LM 0.12] >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Sep 3 02:05:17 2003 > >file /etc/smb.conf.extra -> /etc/smb.conf.extra last mod_time: Wed Dec 31 23:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Tue Sep 2 19:27:08 2003 > >file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Sep 2 19:27:07 2003 > >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Sep 3 02:05:17 2003 > >file /etc/smb.conf.extra -> /etc/smb.conf.extra last mod_time: Wed Dec 31 23:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Tue Sep 2 19:27:08 2003 > >file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Sep 2 19:27:07 2003 > >using SPNEGO >Selected protocol NT LM 0.12 >negprot index=5 >size=177 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=0 >smt_wct=17 >smb_vwv[ 0]= 5 (0x5) >smb_vwv[ 1]=12803 (0x3203) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]=49920 (0xC300) >smb_vwv[ 8]= 76 (0x4C) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 227 (0xE3) >smb_vwv[11]= 128 (0x80) >smb_vwv[12]=20764 (0x511C) >smb_vwv[13]=49217 (0xC041) >smb_vwv[14]=50033 (0xC371) >smb_vwv[15]= 1 (0x1) >smb_vwv[16]=27648 (0x6C00) >smb_bcc=108 >[000] 6D 6B 61 70 2D 74 79 70 68 6F 6F 6E 00 00 00 00 mkap-typ hoon.... >[010] 60 5A 06 06 2B 06 01 05 05 02 A0 50 30 4E A0 24 `Z..+... ...P0N.$ >[020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* >[030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... >[040] 37 02 02 0A A3 26 30 24 A0 22 1B 20 6D 6B 61 70 7....&0$ .". mkap >[050] 2D 74 79 70 68 6F 6F 6E 24 40 4E 45 57 43 49 54 -typhoon $@NEWCIT >[060] 52 49 58 2E 56 41 4C 48 41 4C 4C 41 RIX.VALH ALLA >write_socket(16,181) >write_socket(16,181) wrote 181 >got smb length of 198 >got message type 0x0 of len 0xc6 >Transaction 1 of length 202 >size=198 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=12800 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 198 (0xC6) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 66 (0x42) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=139 >[000] 60 40 06 06 2B 06 01 05 05 02 A0 36 30 34 A0 0E `@..+... ...604.. >[010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 22 0...+... ..7...." >[020] 04 20 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 . NTLMSS P....... >[030] 00 E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[040] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[050] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 >[060] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o >[070] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. >[080] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... >switch message SMBsesssetupX (pid 19651) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] >Got OID 1 3 6 1 4 1 311 2 2 10 >Got secblob of size 32 >Making default auth method list for security=ADS >Attempting to register auth backend rhosts >Successfully added auth method 'rhosts' >Attempting to register auth backend hostsequiv >Successfully added auth method 'hostsequiv' >Attempting to register auth backend sam >Successfully added auth method 'sam' >Attempting to register auth backend sam_ignoredomain >Successfully added auth method 'sam_ignoredomain' >Attempting to register auth backend unix >Successfully added auth method 'unix' >Attempting to register auth backend winbind >Successfully added auth method 'winbind' >Attempting to register auth backend smbserver >Successfully added auth method 'smbserver' >Attempting to register auth backend trustdomain >Successfully added auth method 'trustdomain' >Attempting to register auth backend ntdomain >Successfully added auth method 'ntdomain' >Attempting to register auth backend guest >Successfully added auth method 'guest' >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match winbind:ntdomain >load_auth_module: Attempting to find an auth method to match ntdomain >load_auth_module: auth method ntdomain has a valid init >load_auth_module: auth method winbind has a valid init >Got NTLMSSP neg_flags=0xe0008297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: module winbind did not want to specify a challenge >auth_context challenge created by random >challenge is: >[000] 30 1A C9 E8 AB F1 3E 45 0.....>E >write_socket(16,334) >write_socket(16,334) wrote 334 >got smb length of 316 >got message type 0x0 of len 0x13c >Transaction 2 of length 320 >size=316 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=12864 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 316 (0x13C) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 184 (0xB8) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=257 >[000] A1 81 B5 30 81 B2 A2 81 AF 04 81 AC 4E 54 4C 4D ...0.... ....NTLM >[010] 53 53 50 00 03 00 00 00 18 00 18 00 7C 00 00 00 SSP..... ....|... >[020] 18 00 18 00 94 00 00 00 18 00 18 00 40 00 00 00 ........ ....@... >[030] 0A 00 0A 00 58 00 00 00 1A 00 1A 00 62 00 00 00 ....X... ....b... >[040] 00 00 00 00 AC 00 00 00 15 02 80 20 6D 00 6B 00 ........ ... m.k. >[050] 61 00 70 00 2D 00 74 00 79 00 70 00 68 00 6F 00 a.p.-.t. y.p.h.o. >[060] 6F 00 6E 00 61 00 64 00 6D 00 69 00 6E 00 4D 00 o.n.a.d. m.i.n.M. >[070] 4B 00 41 00 50 00 4C 00 41 00 4E 00 2D 00 57 00 K.A.P.L. A.N.-.W. >[080] 49 00 4E 00 32 00 4B 00 12 7D 33 E4 0B A6 D1 2E I.N.2.K. .}3..... >[090] 66 78 9D 60 36 90 2B 1A 6D 80 72 B3 5B CA 8B D3 fx.`6.+. m.r.[... >[0A0] 22 39 7E A7 A7 F4 6D 89 7B 15 A3 81 B6 42 1F E8 "9~...m. {....B.. >[0B0] E4 67 9C 73 39 52 E6 9E 00 57 00 69 00 6E 00 64 .g.s9R.. .W.i.n.d >[0C0] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 >[0D0] 00 20 00 32 00 31 00 39 00 35 00 00 00 57 00 69 . .2.1.9 .5...W.i >[0E0] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 >[0F0] 00 30 00 30 00 20 00 35 00 2E 00 30 00 00 00 00 .0.0. .5 ...0.... >[100] 00 . >switch message SMBsesssetupX (pid 19651) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] >Got user=[admin] domain=[mkap-typhoon] workstation=[MKAPLAN-WIN2K] len1=24 len2=24 >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Sep 3 02:05:17 2003 > >file /etc/smb.conf.extra -> /etc/smb.conf.extra last mod_time: Wed Dec 31 23:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Tue Sep 2 19:27:08 2003 > >file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Sep 2 19:27:07 2003 > >make_user_info_map: Mapping user [mkap-typhoon]\[admin] from workstation [MKAPLAN-WIN2K] >Opening cache file at /var/lock/samba/gencache.tdb >Cache entry with key = TDOM/MKAP-TYPHOON couldn't be found >no entry for trusted domain mkap-typhoon found. >attempting to make a user_info for admin (admin) >making strings for admin's user_info struct >making blobs for admin's user_info struct >made an encrypted user_info for admin (admin) >check_ntlm_password: Checking password for unmapped user [mkap-typhoon]\[admin]@[MKAPLAN-WIN2K] with the new password interface >check_ntlm_password: mapped user is: [mkap-typhoon]\[admin]@[MKAPLAN-WIN2K] >check_ntlm_password: auth_context challenge created by random >challenge is: >[000] 30 1A C9 E8 AB F1 3E 45 0.....>E >check_ntlm_password: guest had nothing to say >is_myname("mkap-typhoon") returns 1 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >getsampwnam (smbpasswd): search by name: admin >startsmbfilepwent_internal: opening file /etc/private/smbpasswd >getsmbfilepwent: returning passwd entry for user guest, uid 4 >getsmbfilepwent: returning passwd entry for user admin, uid 1 >endsmbfilepwent_internal: closed password file. >getsampwnam (smbpasswd): found by name: admin >pdb_set_username: setting username admin, was >element 11 -> now SET >pdb_set_full_name: setting full name admin, was >element 12 -> now SET >pdb_set_unix_homedir: setting home dir /local_user_, was NULL >element 21 -> now SET >pdb_set_domain: setting domain MKAP-TYPHOON, was >pdb_set_user_sid: setting user sid S-1-5-21-1250349775-4091538868-537732204-1002 >element 17 -> now SET >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1250349775-4091538868-537732204-1002 from rid 1002 >pdb_set_group_sid: setting group sid S-1-5-21-1250349775-4091538868-537732204-1201 >element 18 -> now SET >Home server: mkap-typhoon >pdb_set_profile_path: setting profile path \\mkap-typhoon\admin\profile, was >Home server: mkap-typhoon >pdb_set_homedir: setting home dir \\mkap-typhoon\admin, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >element 31 -> now SET >element 30 -> now SET >element 19 -> now SET >element 20 -> now SET >element 8 -> now SET >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >sam_password_ok: Checking NT MD4 password >sam_account_ok: Checking SMB password for user admin >sys_getgrouplist: user [admin] >sys_getgrouplist(): disabled winbindd for group lookup [user == admin] >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >UNIX token of user 1 >Primary group is 100 and contains 3 supplementary groups >Group[ 0]: 100 >Group[ 1]: 100 >Group[ 2]: 0 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >local_gid_to_sid: gid (100) -> SID S-1-5-21-1250349775-4091538868-537732204-1201. >gid_to_sid: local 100 -> S-1-5-21-1250349775-4091538868-537732204-1201 >fetch sid from gid cache 100 -> S-1-5-21-1250349775-4091538868-537732204-1201 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >local_gid_to_sid: gid (0) -> SID S-1-5-21-1250349775-4091538868-537732204-1001. >gid_to_sid: local 0 -> S-1-5-21-1250349775-4091538868-537732204-1001 >NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 >contains 6 SIDs >SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 >SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 >make_server_info_sam: made server info for user admin -> admin >check_ntlm_password: sam authentication for user [admin] succeeded >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >check_ntlm_password: PAM Account for user [admin] succeeded >check_ntlm_password: authentication for user [admin] -> [admin] -> [admin] succeeded >attempting to free (and zero) a user_info structure >structure was created for admin >register_vuid: allocated vuid = 100 >register_vuid: (1,100) admin admin MKAP-TYPHOON guest=0 >User name: admin Real name: admin >UNIX uid 1 is UNIX user admin, and will be vuid 100 >Adding/updating homes service for user 'admin' using home directory: '/local_user_' >lp_servicenumber: couldn't find homes >write_socket(16,184) >write_socket(16,184) wrote 184 >got smb length of 92 >got message type 0x0 of len 0x5c >Transaction 3 of length 96 >size=92 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=100 >smb_mid=12928 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=49 >[000] 00 5C 00 5C 00 31 00 30 00 2E 00 33 00 33 00 2E .\.\.1.0 ...3.3.. >[010] 00 31 00 2E 00 31 00 37 00 30 00 5C 00 53 00 48 .1...1.7 .0.\.S.H >[020] 00 41 00 52 00 45 00 31 00 00 00 3F 3F 3F 3F 3F .A.R.E.1 ...????? >[030] 00 . >switch message SMBtconX (pid 19651) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [SHARE1] >making a connection to 'normal' service share1 >Finding user admin >Trying _Get_Pwnam(), username as lowercase is admin >Get_Pwnam_internals did find user [admin]! >user_in_list: checking user admin in list >user_in_list: checking user |admin| against |@AllUsers| >Unable to get default yp domain >Connect path is '/shares/SHARE1' for service [SHARE1] >get_share_security: using default secdesc for SHARE1 >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. >se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >Initialising default vfs hooks >claiming SHARE1 0 >cmd=/usr/local/samba/bin/log_connect.sh 'admin' 'mkaplan-win2k' '10.33.1.136' 'SHARE1' >get_share_security: using default secdesc for SHARE1 >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. >se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 >contains 6 SIDs >SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 >SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 >UNIX token of user 1 >Primary group is 100 and contains 3 supplementary groups >Group[ 0]: 100 >Group[ 1]: 100 >Group[ 2]: 0 >change_to_user uid=(0,1) gid=(0,100) >mkaplan-win2k (10.33.1.136) connect to service SHARE1 initially as user admin (uid=1, gid=100) (pid 19651) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=SHARE1 >size=54 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=12928 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=13 >[000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... >write_socket(16,58) >write_socket(16,58) wrote 58 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 4 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=3036 >smb_uid=100 >smb_mid=12992 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 08 0A 00 02 01 ..... >switch message SMBtrans2 (pid 19651) >setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 >contains 6 SIDs >SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 >SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 >UNIX token of user 1 >Primary group is 100 and contains 3 supplementary groups >Group[ 0]: 100 >Group[ 1]: 100 >Group[ 2]: 0 >change_to_user uid=(0,1) gid=(0,100) >vfs_ChDir to /shares/SHARE1 >call_trans2qfsinfo: level = 258 >call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = 6, vol=SHARE1 serv=SHARE1 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 30, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 30, paramsize = 0, datasize = 30 >write_socket(16,90) >write_socket(16,90) wrote 90 >SMBtrans2 info_level = 258 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 5 of length 104 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=13057 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[000] 50 00 2D EC 03 00 00 00 00 5C 00 44 00 65 00 73 P.-..... .\.D.e.s >[010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[020] 00 00 00 ... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) >error string = No such file or directory >error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=13057 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 6 of length 114 >size=110 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13121 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 6144 (0x1800) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=27 >[000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p >[010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >unix_mode(Desktop.ini) returning 0766 >allocated file structure 5667, fnum = 9763 (1 used) >open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory >Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) >freed files structure 9763 (0 used) >error string = No such file or directory >error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0xa2 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13121 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 7 of length 104 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=13185 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[000] 50 00 2D EC 03 00 00 00 00 5C 00 44 00 65 00 73 P.-..... .\.D.e.s >[010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[020] 00 00 00 ... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) >error string = No such file or directory >error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=13185 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 8 of length 114 >size=110 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13249 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 6144 (0x1800) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=27 >[000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p >[010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >unix_mode(Desktop.ini) returning 0766 >allocated file structure 5668, fnum = 9764 (1 used) >open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory >Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) >freed files structure 9764 (0 used) >error string = No such file or directory >error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0xa2 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13249 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 76 >got message type 0x0 of len 0x4c >Transaction 9 of length 80 >size=76 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13313 >smt_wct=15 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 8 (0x8) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=11 >[000] 08 0A 00 EC 03 00 00 00 00 00 00 ........ ... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "" >unix_clean_name [] >conversion finished . -> . >is_in_path: . >is_in_path: no name list. >unix_clean_name [.] >call_trans2qfilepathinfo . level=1004 call=5 total_data=0 >dos_mode: . >is_in_path: . >is_in_path: no name list. >dos_mode returning d >SMB_QFBI - create: Wed Sep 3 02:05:05 2003 > access: Wed Sep 3 02:08:48 2003 > write: Wed Sep 3 02:05:05 2003 > change: Wed Sep 3 02:05:05 2003 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 10 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13377 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 08 0A 00 EF 03 ..... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[2] id[1] ret[-1]. >sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[4] id[100] ret[-1]. >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=725450752, cUnitAvail=725434368 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >write_socket(16,92) >write_socket(16,92) wrote 92 >SMBtrans2 info_level = 1007 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 11 of length 104 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13441 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[000] 00 6C 00 EC 03 00 00 00 00 5C 00 64 00 65 00 73 .l...... .\.d.e.s >[010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[020] 00 00 00 ... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\desktop.ini" >unix_clean_name [/desktop.ini] >unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file desktop.ini >is_in_path: desktop.ini >is_in_path: no name list. >unix_clean_name [desktop.ini] >call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) >error string = No such file or directory >error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13441 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 12 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13505 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 6C 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .l...V.. .......\ >[010] 00 2A 00 00 00 .*... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\*" >unix_clean_name [/*] >unix_convert begin: name = *, dirpath = , start = * >New file * >is_in_path: * >is_in_path: no name list. >unix_clean_name [*] >dir=./, mask = * >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = *, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 >ms_fnmatch(*,.) -> 0 >dos_mode: ./. >is_in_path: ./. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./. fname=. >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 >ms_fnmatch(*,.) -> 0 >dos_mode: ./.. >is_in_path: ./.. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./.. fname=.. >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 3 >ms_fnmatch(*,.os_private) -> 0 >dos_mode: ./.os_private >dos_mode returning hd >get_lanman2_dir_entry found ./.os_private fname=.os_private >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 4 >ms_fnmatch(*,s) -> 0 >dos_mode: ./s >is_in_path: ./s >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./s fname=s >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 5 >ms_fnmatch(*,1) -> 0 >dos_mode: ./1 >is_in_path: ./1 >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./1 fname=1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 >ms_fnmatch(*,b) -> 0 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 600, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 600, paramsize = 10, datasize = 600 >write_socket(16,672) >write_socket(16,672) wrote 672 >SMBtrans2 mask=* directory=./ dirtype=22 numentries=6 >got smb length of 88 >got message type 0x0 of len 0x58 >Transaction 13 of length 92 >size=88 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13569 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 512 (0x200) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 256 (0x100) >smb_vwv[ 8]= 4096 (0x1000) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 256 (0x100) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=5 >[000] 00 5C 00 00 00 .\... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x100001, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "\" >unix_clean_name [/] >conversion finished . -> . >unix_mode(.) returning 0766 >allocated file structure 5669, fnum = 9765 (1 used) >open_directory: opening directory . >dos_mode: . >is_in_path: . >is_in_path: no name list. >dos_mode returning d >reply_ntcreate_and_X: fnum = 9765, open name = . >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13569 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 9472 (0x2500) >smb_vwv[ 3]= 294 (0x126) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]=32768 (0x8000) >smb_vwv[ 6]=46110 (0xB41E) >smb_vwv[ 7]=49098 (0xBFCA) >smb_vwv[ 8]=50033 (0xC371) >smb_vwv[ 9]= 1 (0x1) >smb_vwv[10]=40760 (0x9F38) >smb_vwv[11]=49231 (0xC04F) >smb_vwv[12]=50033 (0xC371) >smb_vwv[13]=32769 (0x8001) >smb_vwv[14]=46110 (0xB41E) >smb_vwv[15]=49098 (0xBFCA) >smb_vwv[16]=50033 (0xC371) >smb_vwv[17]=32769 (0x8001) >smb_vwv[18]=46110 (0xB41E) >smb_vwv[19]=49098 (0xBFCA) >smb_vwv[20]=50033 (0xC371) >smb_vwv[21]= 4097 (0x1001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 256 (0x100) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 14 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13633 >smt_wct=23 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 8192 (0x2000) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 4 (0x4) >smb_vwv[19]= 23 (0x17) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 9765 (0x2625) >smb_vwv[22]= 0 (0x0) >smb_bcc=3 >[000] 00 00 10 ... >switch message SMBnttrans (pid 19651) >change_to_user: Skipping user change - already user >reply_nttrans: setup_count = 8 >[000] 17 00 00 00 25 26 00 00 ....%&.. >call_nt_transact_notify_change >kernel change notify on . (ntflags=0x17 flags=0x3e) fd=27 >call_nt_transact_notify_change: notify change called on directory name = . >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 15 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13696 >smt_wct=23 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 8192 (0x2000) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 4 (0x4) >smb_vwv[19]= 3 (0x3) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 9765 (0x2625) >smb_vwv[22]= 1 (0x1) >smb_bcc=3 >[000] 00 00 10 ... >switch message SMBnttrans (pid 19651) >change_to_user: Skipping user change - already user >reply_nttrans: setup_count = 8 >[000] 03 00 00 00 25 26 01 00 ....%&.. >call_nt_transact_notify_change >kernel change notify on . (ntflags=0x3 flags=0x1e) fd=28 >call_nt_transact_notify_change: notify change called on directory name = . >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 16 of length 104 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=13762 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[000] 02 00 00 EC 03 00 00 00 00 5C 00 44 00 65 00 73 ........ .\.D.e.s >[010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[020] 00 00 00 ... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) >error string = No such file or directory >error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=13762 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 17 of length 114 >size=110 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13826 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 6144 (0x1800) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=27 >[000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p >[010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >unix_mode(Desktop.ini) returning 0766 >allocated file structure 5670, fnum = 9766 (2 used) >open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory >Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) >freed files structure 9766 (1 used) >error string = No such file or directory >error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0xa2 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13826 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 18 of length 104 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=13890 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[000] 02 00 00 EC 03 00 00 00 00 5C 00 44 00 65 00 73 ........ .\.D.e.s >[010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[020] 00 00 00 ... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) >error string = No such file or directory >error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=13890 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 19 of length 114 >size=110 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13954 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 6144 (0x1800) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=27 >[000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p >[010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >unix_mode(Desktop.ini) returning 0766 >allocated file structure 5671, fnum = 9767 (2 used) >open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory >Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) >freed files structure 9767 (1 used) >error string = No such file or directory >error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0xa2 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=13954 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 20 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14018 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 63 00 EF 03 .c... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[2] id[1] ret[-1]. >sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[4] id[100] ret[-1]. >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=725450752, cUnitAvail=725434368 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >write_socket(16,92) >write_socket(16,92) wrote 92 >SMBtrans2 info_level = 1007 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 21 of length 104 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=14082 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[000] 00 6C 00 EC 03 00 00 00 00 5C 00 44 00 65 00 73 .l...... .\.D.e.s >[010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[020] 00 00 00 ... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) >error string = No such file or directory >error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=14082 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 22 of length 114 >size=110 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14146 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 6144 (0x1800) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=27 >[000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p >[010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >unix_mode(Desktop.ini) returning 0766 >allocated file structure 5672, fnum = 9768 (2 used) >open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory >Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) >freed files structure 9768 (1 used) >error string = No such file or directory >error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0xa2 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14146 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 23 of length 104 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=14210 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[000] 00 6C 00 EC 03 00 00 00 00 5C 00 44 00 65 00 73 .l...... .\.D.e.s >[010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[020] 00 00 00 ... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >call_trans2qfilepathinfo: SMB_VFS_STAT of Desktop.ini failed (No such file or directory) >error string = No such file or directory >error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=14210 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 24 of length 114 >size=110 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14274 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 6144 (0x1800) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=27 >[000] 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 .\.D.e.s .k.t.o.p >[010] 00 2E 00 69 00 6E 00 69 00 00 00 ...i.n.i ... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "\Desktop.ini" >unix_clean_name [/Desktop.ini] >unix_convert begin: name = Desktop.ini, dirpath = , start = Desktop.ini >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file Desktop.ini >unix_mode(Desktop.ini) returning 0766 >allocated file structure 5673, fnum = 9769 (2 used) >open_file_shared: fname = Desktop.ini, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 >is_in_path: Desktop.ini >is_in_path: no name list. >unix_clean_name [Desktop.ini] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name Desktop.ini, flags = 0400000 mode = 0766, fd = -1. No such file or directory >Error opening file Desktop.ini (No such file or directory) (local_flags=0) (flags=0) >freed files structure 9769 (1 used) >error string = No such file or directory >error packet at smbd/nttrans.c(850) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0xa2 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14274 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 25 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14338 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 6C 00 EF 03 .l... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[2] id[1] ret[-1]. >sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[4] id[100] ret[-1]. >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=725450752, cUnitAvail=725434368 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >write_socket(16,92) >write_socket(16,92) wrote 92 >SMBtrans2 info_level = 1007 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 26 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=3036 >smb_uid=100 >smb_mid=14402 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 6C 00 05 01 .l... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >write_socket(16,80) >write_socket(16,80) wrote 80 >SMBtrans2 info_level = 261 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 27 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=3036 >smb_uid=100 >smb_mid=14466 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 6C 00 02 01 .l... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 258 >call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = 6, vol=SHARE1 serv=SHARE1 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 30, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 30, paramsize = 0, datasize = 30 >write_socket(16,90) >write_socket(16,90) wrote 90 >SMBtrans2 info_level = 258 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 28 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=3036 >smb_uid=100 >smb_mid=14530 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] FF FF 7F 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ >[010] 00 2A 00 00 00 .*... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\*" >unix_clean_name [/*] >unix_convert begin: name = *, dirpath = , start = * >New file * >is_in_path: * >is_in_path: no name list. >unix_clean_name [*] >dir=./, mask = * >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = *, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 >ms_fnmatch(*,.) -> 0 >dos_mode: ./. >is_in_path: ./. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./. fname=. >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 >ms_fnmatch(*,.) -> 0 >dos_mode: ./.. >is_in_path: ./.. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./.. fname=.. >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 3 >ms_fnmatch(*,.os_private) -> 0 >dos_mode: ./.os_private >dos_mode returning hd >get_lanman2_dir_entry found ./.os_private fname=.os_private >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 4 >ms_fnmatch(*,s) -> 0 >dos_mode: ./s >is_in_path: ./s >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./s fname=s >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 5 >ms_fnmatch(*,1) -> 0 >dos_mode: ./1 >is_in_path: ./1 >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./1 fname=1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 >ms_fnmatch(*,b) -> 0 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 600, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 600, paramsize = 10, datasize = 600 >write_socket(16,672) >write_socket(16,672) wrote 672 >SMBtrans2 mask=* directory=./ dirtype=22 numentries=6 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 29 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=3036 >smb_uid=100 >smb_mid=14594 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 6C 00 EF 03 .l... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[2] id[1] ret[-1]. >sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[4] id[100] ret[-1]. >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=725450752, cUnitAvail=725434368 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >write_socket(16,92) >write_socket(16,92) wrote 92 >SMBtrans2 info_level = 1007 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 30 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14658 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 6C 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .l...V.. .......\ >[010] 00 2A 00 00 00 .*... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\*" >unix_clean_name [/*] >unix_convert begin: name = *, dirpath = , start = * >New file * >is_in_path: * >is_in_path: no name list. >unix_clean_name [*] >dir=./, mask = * >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = *, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 >ms_fnmatch(*,.) -> 0 >dos_mode: ./. >is_in_path: ./. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./. fname=. >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 >ms_fnmatch(*,.) -> 0 >dos_mode: ./.. >is_in_path: ./.. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./.. fname=.. >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 >ms_fnmatch(*,.os_private) -> 0 >dos_mode: ./.os_private >dos_mode returning hd >get_lanman2_dir_entry found ./.os_private fname=.os_private >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 >ms_fnmatch(*,s) -> 0 >dos_mode: ./s >is_in_path: ./s >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./s fname=s >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 >ms_fnmatch(*,1) -> 0 >dos_mode: ./1 >is_in_path: ./1 >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./1 fname=1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 >ms_fnmatch(*,b) -> 0 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 600, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 600, paramsize = 10, datasize = 600 >write_socket(16,672) >write_socket(16,672) wrote 672 >SMBtrans2 mask=* directory=./ dirtype=22 numentries=6 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 31 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14722 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >stat_cache_add: Added entry B -> b >conversion finished b -> b >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 80 >got message type 0x0 of len 0x50 >Transaction 32 of length 84 >size=80 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14786 >smt_wct=15 >smb_vwv[ 0]= 12 (0xC) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 12 (0xC) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=15 >[000] 00 6C 00 EC 03 00 00 00 00 5C 00 62 00 00 00 .l...... .\.b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >call_trans2qfilepathinfo b level=1004 call=5 total_data=0 >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >SMB_QFBI - create: Wed Sep 3 02:05:05 2003 > access: Wed Sep 3 02:06:03 2003 > write: Wed Sep 3 02:05:05 2003 > change: Wed Sep 3 02:05:05 2003 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 33 of length 94 >size=90 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14850 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=7 >[000] 00 5C 00 62 00 00 00 .\.b... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x20089, share access 0x7, file attributes 0x80 to open_mode 0x8040 >unix_convert called on file "\b" >unix_clean_name [/b] >unix_mode(b) returning 0766 >allocated file structure 5674, fnum = 9770 (2 used) >open_file_shared: fname = b, share_mode = 8040, ofun = 1, mode = 766, oplock request = 3 >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name b, flags = 0400000 mode = 0766, fd = 29. >freed files structure 9770 (1 used) >allocated file structure 5675, fnum = 9771 (2 used) >open_directory: opening directory b >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >reply_ntcreate_and_X: fnum = 9771, open name = b >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14850 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=11008 (0x2B00) >smb_vwv[ 3]= 294 (0x126) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]=32768 (0x8000) >smb_vwv[ 6]=46110 (0xB41E) >smb_vwv[ 7]=49098 (0xBFCA) >smb_vwv[ 8]=50033 (0xC371) >smb_vwv[ 9]=32769 (0x8001) >smb_vwv[10]=17975 (0x4637) >smb_vwv[11]=49133 (0xBFED) >smb_vwv[12]=50033 (0xC371) >smb_vwv[13]=32769 (0x8001) >smb_vwv[14]=46110 (0xB41E) >smb_vwv[15]=49098 (0xBFCA) >smb_vwv[16]=50033 (0xC371) >smb_vwv[17]=32769 (0x8001) >smb_vwv[18]=46110 (0xB41E) >smb_vwv[19]=49098 (0xBFCA) >smb_vwv[20]=50033 (0xC371) >smb_vwv[21]= 4097 (0x1001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 256 (0x100) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 72 >got message type 0x0 of len 0x48 >Transaction 34 of length 76 >size=72 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14914 >smt_wct=15 >smb_vwv[ 0]= 4 (0x4) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 2046 (0x7FE) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 4 (0x4) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 7 (0x7) >smb_bcc=7 >[000] 00 6C 00 2B 26 FE 03 .l.+&.. >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 >unix_convert called on file "b" >unix_clean_name [b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >call_trans2qfilepathinfo b level=1022 call=7 total_data=0 >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >t2_rep: params_sent_thistime = 2, data_sent_thistime = 0, useable_space = 131012 >t2_rep: params_to_send = 2, data_to_send = 0, paramsize = 2, datasize = 0 >write_socket(16,62) >write_socket(16,62) wrote 62 >got smb length of 72 >got message type 0x0 of len 0x48 >Transaction 35 of length 76 >size=72 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=14978 >smt_wct=15 >smb_vwv[ 0]= 4 (0x4) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 4 (0x4) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 7 (0x7) >smb_bcc=7 >[000] 00 6C 00 2B 26 EC 03 .l.+&.. >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >unix_convert called on file "b" >unix_clean_name [b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >call_trans2qfilepathinfo b level=1004 call=7 total_data=0 >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >SMB_QFBI - create: Wed Sep 3 02:05:05 2003 > access: Wed Sep 3 02:06:03 2003 > write: Wed Sep 3 02:05:05 2003 > change: Wed Sep 3 02:05:05 2003 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 36 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=15042 >smt_wct=3 >smb_vwv[ 0]= 9771 (0x262B) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 19651) >change_to_user: Skipping user change - already user >close directory fnum=9771 >freed files structure 9771 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=15042 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 37 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15106 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 38 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15170 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 39 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .9...V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 39 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15234 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 6C 00 05 01 .l... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >write_socket(16,80) >write_socket(16,80) wrote 80 >SMBtrans2 info_level = 261 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 40 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15298 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 41 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15362 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 42 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15426 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 6C 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .l...V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 43 of length 94 >size=90 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15490 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 8192 (0x2000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=7 >[000] 00 5C 00 62 00 00 00 .\.b... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: Mapped desired access 0x20089, share access 0x3, file attributes 0x80 to open_mode 0x40 >unix_convert called on file "\b" >unix_clean_name [/b] >unix_mode(b) returning 0766 >allocated file structure 5676, fnum = 9772 (2 used) >open_file_shared: fname = b, share_mode = 40, ofun = 1, mode = 766, oplock request = 3 >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name b, flags = 0400000 mode = 0766, fd = 29. >freed files structure 9772 (1 used) >allocated file structure 5677, fnum = 9773 (2 used) >open_directory: opening directory b >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >reply_ntcreate_and_X: fnum = 9773, open name = b >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15490 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=11520 (0x2D00) >smb_vwv[ 3]= 294 (0x126) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]=32768 (0x8000) >smb_vwv[ 6]=46110 (0xB41E) >smb_vwv[ 7]=49098 (0xBFCA) >smb_vwv[ 8]=50033 (0xC371) >smb_vwv[ 9]=32769 (0x8001) >smb_vwv[10]=17975 (0x4637) >smb_vwv[11]=49133 (0xBFED) >smb_vwv[12]=50033 (0xC371) >smb_vwv[13]=32769 (0x8001) >smb_vwv[14]=46110 (0xB41E) >smb_vwv[15]=49098 (0xBFCA) >smb_vwv[16]=50033 (0xC371) >smb_vwv[17]=32769 (0x8001) >smb_vwv[18]=46110 (0xB41E) >smb_vwv[19]=49098 (0xBFCA) >smb_vwv[20]=50033 (0xC371) >smb_vwv[21]= 4097 (0x1001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 256 (0x100) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 44 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15554 >smt_wct=23 >smb_vwv[ 0]= 4 (0x4) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 64 (0x40) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 2 (0x2) >smb_vwv[19]= 168 (0xA8) >smb_vwv[20]= 9 (0x9) >smb_vwv[21]= 9773 (0x262D) >smb_vwv[22]= 1 (0x1) >smb_bcc=3 >[000] 00 72 00 .r. >switch message SMBnttrans (pid 19651) >change_to_user: Skipping user change - already user >reply_nttrans: setup_count = 8 >[000] A8 00 09 00 2D 26 01 00 ....-&.. >call_nt_transact_ioctl: function[0x000900A8] FID[0x262D] isFSctl[0x01] compfilter[0x00] >FSCTL_GET_REPARSE_POINT: called on FID[0x262D](but not implemented) >error packet at smbd/nttrans.c(104) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 45 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=15618 >smt_wct=3 >smb_vwv[ 0]= 9773 (0x262D) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 19651) >change_to_user: Skipping user change - already user >close directory fnum=9773 >freed files structure 9773 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=15618 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 46 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15682 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 6C 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .l...V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835d170 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 47 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15746 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 00 00 05 01 ..... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >write_socket(16,80) >write_socket(16,80) wrote 80 >SMBtrans2 info_level = 261 >got smb length of 88 >got message type 0x0 of len 0x58 >Transaction 48 of length 92 >size=88 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15810 >smt_wct=15 >smb_vwv[ 0]= 20 (0x14) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 20 (0x14) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=23 >[000] 00 6C 00 EC 03 00 00 00 00 5C 00 62 00 2E 00 64 .l...... .\.b...d >[010] 00 6C 00 6C 00 00 00 .l.l... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\b.dll" >unix_clean_name [/b.dll] >unix_convert begin: name = b.dll, dirpath = , start = b.dll >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >New file b.dll >is_in_path: b.dll >is_in_path: no name list. >unix_clean_name [b.dll] >call_trans2qfilepathinfo: SMB_VFS_STAT of b.dll failed (No such file or directory) >error string = No such file or directory >error packet at smbd/trans2.c(1859) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15810 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 49 of length 94 >size=90 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15874 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1280 (0x500) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=7 >[000] 00 5C 00 62 00 00 00 .\.b... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x20089, share access 0x5, file attributes 0x0 to open_mode 0x8020 >unix_convert called on file "\b" >unix_clean_name [/b] >unix_mode(b) returning 0766 >allocated file structure 5678, fnum = 9774 (2 used) >open_file_shared: fname = b, share_mode = 8020, ofun = 1, mode = 766, oplock request = 3 >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name b, flags = 0400000 mode = 0766, fd = 29. >freed files structure 9774 (1 used) >error string = Is a directory >error packet at smbd/nttrans.c(833) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY >size=35 >smb_com=0xa2 >smb_rcls=186 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=15874 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >got smb length of 80 >got message type 0x0 of len 0x50 >Transaction 50 of length 84 >size=80 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=15938 >smt_wct=15 >smb_vwv[ 0]= 12 (0xC) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 12 (0xC) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=15 >[000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 00 00 ........ .\.b... >switch message SMBtrans2 (pid 19651) >setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 >contains 6 SIDs >SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 >SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 >UNIX token of user 1 >Primary group is 100 and contains 3 supplementary groups >Group[ 0]: 100 >Group[ 1]: 100 >Group[ 2]: 0 >change_to_user uid=(0,1) gid=(0,100) >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >call_trans2qfilepathinfo b level=1004 call=5 total_data=0 >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >SMB_QFBI - create: Wed Sep 3 02:05:05 2003 > access: Wed Sep 3 02:06:03 2003 > write: Wed Sep 3 02:05:05 2003 > change: Wed Sep 3 02:05:05 2003 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 51 of length 94 >size=90 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16002 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 256 (0x100) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=7 >[000] 00 5C 00 62 00 00 00 .\.b... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: Mapped desired access 0x20089, share access 0x1, file attributes 0x80 to open_mode 0x20 >unix_convert called on file "\b" >unix_clean_name [/b] >unix_mode(b) returning 0766 >allocated file structure 5679, fnum = 9775 (2 used) >open_file_shared: fname = b, share_mode = 20, ofun = 1, mode = 766, oplock request = 3 >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name b, flags = 0400000 mode = 0766, fd = 29. >freed files structure 9775 (1 used) >error string = Is a directory >error packet at smbd/nttrans.c(833) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY >size=35 >smb_com=0xa2 >smb_rcls=186 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16002 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 80 >got message type 0x0 of len 0x50 >Transaction 52 of length 84 >size=80 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=16066 >smt_wct=15 >smb_vwv[ 0]= 12 (0xC) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 12 (0xC) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=15 >[000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 00 00 ........ .\.b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >call_trans2qfilepathinfo b level=1004 call=5 total_data=0 >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >SMB_QFBI - create: Wed Sep 3 02:05:05 2003 > access: Wed Sep 3 02:06:03 2003 > write: Wed Sep 3 02:05:05 2003 > change: Wed Sep 3 02:05:05 2003 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 53 of length 94 >size=90 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16130 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=7 >[000] 00 5C 00 62 00 00 00 .\.b... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x80, share_access = 0x0, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: Mapped desired access 0x20089, share access 0x0, file attributes 0x80 to open_mode 0x10 >unix_convert called on file "\b" >unix_clean_name [/b] >unix_mode(b) returning 0766 >allocated file structure 5680, fnum = 9776 (2 used) >open_file_shared: fname = b, share_mode = 10, ofun = 1, mode = 766, oplock request = 3 >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name b, flags = 0400000 mode = 0766, fd = 29. >freed files structure 9776 (1 used) >error string = Is a directory >error packet at smbd/nttrans.c(833) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY >size=35 >smb_com=0xa2 >smb_rcls=186 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16130 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 92 >got message type 0x0 of len 0x5c >Transaction 54 of length 96 >size=92 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=100 >smb_mid=16194 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=49 >[000] 00 5C 00 5C 00 31 00 30 00 2E 00 33 00 33 00 2E .\.\.1.0 ...3.3.. >[010] 00 31 00 2E 00 31 00 37 00 30 00 5C 00 53 00 48 .1...1.7 .0.\.S.H >[020] 00 41 00 52 00 45 00 31 00 00 00 3F 3F 3F 3F 3F .A.R.E.1 ...????? >[030] 00 . >switch message SMBtconX (pid 19651) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [SHARE1] >making a connection to 'normal' service share1 >Finding user admin >Trying _Get_Pwnam(), username as lowercase is admin >Get_Pwnam_internals did find user [admin]! >user_in_list: checking user admin in list >user_in_list: checking user |admin| against |@AllUsers| >Unable to get default yp domain >Connect path is '/shares/SHARE1' for service [SHARE1] >get_share_security: using default secdesc for SHARE1 >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. >se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >Initialising default vfs hooks >claiming SHARE1 0 >cmd=/usr/local/samba/bin/log_connect.sh 'admin' 'mkaplan-win2k' '10.33.1.136' 'SHARE1' >get_share_security: using default secdesc for SHARE1 >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. >se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 >contains 6 SIDs >SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 >SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 >UNIX token of user 1 >Primary group is 100 and contains 3 supplementary groups >Group[ 0]: 100 >Group[ 1]: 100 >Group[ 2]: 0 >change_to_user uid=(0,1) gid=(0,100) >mkaplan-win2k (10.33.1.136) connect to service SHARE1 initially as user admin (uid=1, gid=100) (pid 19651) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=SHARE1 >size=54 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=100 >smb_mid=16194 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=13 >[000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... >write_socket(16,58) >write_socket(16,58) wrote 58 >got smb length of 80 >got message type 0x0 of len 0x50 >Transaction 55 of length 84 >size=80 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=2156 >smb_uid=100 >smb_mid=16258 >smt_wct=15 >smb_vwv[ 0]= 12 (0xC) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 12 (0xC) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=15 >[000] 1B BC 01 EC 03 00 00 00 00 5C 00 62 00 00 00 ........ .\.b... >switch message SMBtrans2 (pid 19651) >setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 >contains 6 SIDs >SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 >SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 >UNIX token of user 1 >Primary group is 100 and contains 3 supplementary groups >Group[ 0]: 100 >Group[ 1]: 100 >Group[ 2]: 0 >change_to_user uid=(0,1) gid=(0,100) >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >call_trans2qfilepathinfo b level=1004 call=5 total_data=0 >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >SMB_QFBI - create: Wed Sep 3 02:05:05 2003 > access: Wed Sep 3 02:06:03 2003 > write: Wed Sep 3 02:05:05 2003 > change: Wed Sep 3 02:05:05 2003 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 56 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=2 >smb_pid=2156 >smb_uid=100 >smb_mid=16322 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 1B BC 01 05 01 ..... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >write_socket(16,80) >write_socket(16,80) wrote 80 >SMBtrans2 info_level = 261 >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 57 of length 94 >size=90 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16386 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 3584 (0xE00) >smb_vwv[ 9]= 1 (0x1) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=7 >[000] 00 5C 00 62 00 00 00 .\.b... >switch message SMBntcreateX (pid 19651) >setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 >contains 6 SIDs >SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 >SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 >UNIX token of user 1 >Primary group is 100 and contains 3 supplementary groups >Group[ 0]: 100 >Group[ 1]: 100 >Group[ 2]: 0 >change_to_user uid=(0,1) gid=(0,100) >reply_ntcreateX: flags = 0x10, desired_access = 0x10e0000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: Mapped desired access 0x10e0000, share access 0x3, file attributes 0x0 to open_mode 0x40 >unix_convert called on file "\b" >unix_clean_name [/b] >unix_mode(b) returning 0766 >allocated file structure 5681, fnum = 9777 (2 used) >open_file_shared: fname = b, share_mode = 40, ofun = 1, mode = 766, oplock request = 0 >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >freed files structure 9777 (1 used) >allocated file structure 5682, fnum = 9778 (2 used) >open_directory: opening directory b >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >reply_ntcreate_and_X: fnum = 9778, open name = b >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16386 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=12800 (0x3200) >smb_vwv[ 3]= 294 (0x126) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]=32768 (0x8000) >smb_vwv[ 6]=46110 (0xB41E) >smb_vwv[ 7]=49098 (0xBFCA) >smb_vwv[ 8]=50033 (0xC371) >smb_vwv[ 9]=32769 (0x8001) >smb_vwv[10]=17975 (0x4637) >smb_vwv[11]=49133 (0xBFED) >smb_vwv[12]=50033 (0xC371) >smb_vwv[13]=32769 (0x8001) >smb_vwv[14]=46110 (0xB41E) >smb_vwv[15]=49098 (0xBFCA) >smb_vwv[16]=50033 (0xC371) >smb_vwv[17]=32769 (0x8001) >smb_vwv[18]=46110 (0xB41E) >smb_vwv[19]=49098 (0xBFCA) >smb_vwv[20]=50033 (0xC371) >smb_vwv[21]= 4097 (0x1001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 256 (0x100) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 58 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=16450 >smt_wct=3 >smb_vwv[ 0]= 9778 (0x2632) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 19651) >change_to_user: Skipping user change - already user >close directory fnum=9778 >freed files structure 9778 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=16450 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 59 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16514 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 6C 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .l...V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 60 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16578 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 6C 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .l...V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 61 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16642 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 06 4E 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .N...V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 62 of length 94 >size=90 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16706 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=35072 (0x8900) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 8192 (0x2000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=7 >[000] 00 5C 00 62 00 00 00 .\.b... >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: Mapped desired access 0x20089, share access 0x3, file attributes 0x80 to open_mode 0x40 >unix_convert called on file "\b" >unix_clean_name [/b] >unix_mode(b) returning 0766 >allocated file structure 5683, fnum = 9779 (2 used) >open_file_shared: fname = b, share_mode = 40, ofun = 1, mode = 766, oplock request = 3 >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >fd_open: name b, flags = 0400000 mode = 0766, fd = 29. >freed files structure 9779 (1 used) >allocated file structure 5684, fnum = 9780 (2 used) >open_directory: opening directory b >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >reply_ntcreate_and_X: fnum = 9780, open name = b >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16706 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=13312 (0x3400) >smb_vwv[ 3]= 294 (0x126) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]=32768 (0x8000) >smb_vwv[ 6]=46110 (0xB41E) >smb_vwv[ 7]=49098 (0xBFCA) >smb_vwv[ 8]=50033 (0xC371) >smb_vwv[ 9]=32769 (0x8001) >smb_vwv[10]=17975 (0x4637) >smb_vwv[11]=49133 (0xBFED) >smb_vwv[12]=50033 (0xC371) >smb_vwv[13]=32769 (0x8001) >smb_vwv[14]=46110 (0xB41E) >smb_vwv[15]=49098 (0xBFCA) >smb_vwv[16]=50033 (0xC371) >smb_vwv[17]=32769 (0x8001) >smb_vwv[18]=46110 (0xB41E) >smb_vwv[19]=49098 (0xBFCA) >smb_vwv[20]=50033 (0xC371) >smb_vwv[21]= 4097 (0x1001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 256 (0x100) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 63 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16770 >smt_wct=23 >smb_vwv[ 0]= 4 (0x4) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 64 (0x40) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 2 (0x2) >smb_vwv[19]= 168 (0xA8) >smb_vwv[20]= 9 (0x9) >smb_vwv[21]= 9780 (0x2634) >smb_vwv[22]= 1 (0x1) >smb_bcc=3 >[000] 00 77 00 .w. >switch message SMBnttrans (pid 19651) >change_to_user: Skipping user change - already user >reply_nttrans: setup_count = 8 >[000] A8 00 09 00 34 26 01 00 ....4&.. >call_nt_transact_ioctl: function[0x000900A8] FID[0x2634] isFSctl[0x01] compfilter[0x00] >FSCTL_GET_REPARSE_POINT: called on FID[0x2634](but not implemented) >error packet at smbd/nttrans.c(104) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 64 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=16834 >smt_wct=3 >smb_vwv[ 0]= 9780 (0x2634) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 19651) >change_to_user: Skipping user change - already user >close directory fnum=9780 >freed files structure 9780 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=16834 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 65 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16898 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 00 00 03 01 ..... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 259 >sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[2] id[1] ret[-1]. >sys_get_xfs_quota() failed for mntpath[/hd/vol_mnt0] bdev[/dev/volgr0/lvol0] qtype[4] id[100] ret[-1]. >call_trans2qfsinfo : SMB_QUERY_FS_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=725450752, cUnitAvail=725434368 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 24, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 24, paramsize = 0, datasize = 24 >write_socket(16,84) >write_socket(16,84) wrote 84 >SMBtrans2 info_level = 259 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 66 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=16962 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 06 4E 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .N...V.. .......\ >[010] 00 62 00 00 00 .b... >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b" >unix_clean_name [/b] >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >dir=./, mask = b >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: .os_private >is_in_path: no name list. >is_in_path: s >is_in_path: no name list. >is_in_path: 1 >is_in_path: no name list. >is_in_path: b >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = b, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 1 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 2 >ms_fnmatch(b,.) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 3 >ms_fnmatch(b,.os_private) -> -1 >ms_fnmatch(b,_JNVUF~Z) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 4 >ms_fnmatch(b,s) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 5 >ms_fnmatch(b,1) -> -1 >get_lanman2_dir_entry:readdir on dirptr 0x835f870 now at offset 6 >dos_mode: ./b >is_in_path: ./b >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./b fname=b >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 96, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 96, paramsize = 10, datasize = 96 >write_socket(16,168) >write_socket(16,168) wrote 168 >SMBtrans2 mask=b directory=./ dirtype=22 numentries=1 >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 67 of length 94 >size=90 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=17026 >smt_wct=15 >smb_vwv[ 0]= 22 (0x16) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 22 (0x16) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=25 >[000] 06 4E 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .N...V.. .......\ >[010] 00 62 00 5C 00 2A 00 00 00 .b.\.*.. . >switch message SMBtrans2 (pid 19651) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\b\*" >unix_clean_name [/b/*] >unix_convert begin: name = b/*, dirpath = b, start = * >New file * >is_in_path: b/* >is_in_path: no name list. >unix_clean_name [b/*] >dir=b, mask = * >start_dir dir=b >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >creating new dirptr 256 for path b, expect_close = 1 >dptr_num is 256, wcard = *, attr = 22 >dirpath=<b> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 1 >ms_fnmatch(*,.) -> 0 >dos_mode: b/. >is_in_path: b/. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found b/. fname=. >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 >ms_fnmatch(*,.) -> 0 >dos_mode: b/.. >is_in_path: b/.. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found b/.. fname=.. >get_lanman2_dir_entry:readdir on dirptr 0x835eea0 now at offset 2 >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 196, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 196, paramsize = 10, datasize = 196 >write_socket(16,268) >write_socket(16,268) wrote 268 >SMBtrans2 mask=* directory=b dirtype=22 numentries=2 >got smb length of 88 >got message type 0x0 of len 0x58 >Transaction 68 of length 92 >size=88 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=100 >smb_mid=17090 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=45 >[000] 00 5C 00 5C 00 31 00 30 00 2E 00 33 00 33 00 2E .\.\.1.0 ...3.3.. >[010] 00 31 00 2E 00 31 00 37 00 30 00 5C 00 49 00 50 .1...1.7 .0.\.I.P >[020] 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .C.$...? ????. >switch message SMBtconX (pid 19651) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [IPC$] >making a connection to 'normal' service ipc$ >Finding user admin >Trying _Get_Pwnam(), username as lowercase is admin >Get_Pwnam_internals did find user [admin]! >Connect path is '/tmp' for service [IPC$] >get_share_security: using default secdesc for IPC$ >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. >se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >Initialising default vfs hooks >claiming IPC$ 0 >cmd=/usr/local/samba/bin/log_connect.sh 'admin' 'mkaplan-win2k' '10.33.1.136' 'IPC_' >get_share_security: using default secdesc for IPC$ >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. >se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >se_access_check: access (1) granted. >setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 >contains 6 SIDs >SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 >SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 >UNIX token of user 1 >Primary group is 100 and contains 3 supplementary groups >Group[ 0]: 100 >Group[ 1]: 100 >Group[ 2]: 0 >change_to_user uid=(0,1) gid=(0,100) >mkaplan-win2k (10.33.1.136) connect to service IPC$ initially as user admin (uid=1, gid=100) (pid 19651) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=IPC$ >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=65279 >smb_uid=100 >smb_mid=17090 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >write_socket(16,52) >write_socket(16,52) wrote 52 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 69 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17154 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=17 >[000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. >[010] 00 . >switch message SMBntcreateX (pid 19651) >setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 >contains 6 SIDs >SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 >SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 >UNIX token of user 1 >Primary group is 100 and contains 3 supplementary groups >Group[ 0]: 100 >Group[ 1]: 100 >Group[ 2]: 0 >change_to_user uid=(0,1) gid=(0,100) >vfs_ChDir to /tmp >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \lsarpc. >nt_open_pipe: Known pipe lsarpc opening. >Open pipe requested lsarpc (pipes_open=0) >Create pipe requested lsarpc >init_pipe_handles: created handle list for pipe lsarpc >init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >Created internal pipe lsarpc (pipes_open=0) >Opened pipe lsarpc with handle 71fb (pipes_open=1) >open pipes: name lsarpc pnum=71fb >do_ntcreate_pipe_open: open pipe = \lsarpc >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17154 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=64256 (0xFB00) >smb_vwv[ 3]= 369 (0x171) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 70 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17218 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29179 (0x71FB) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[030] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9... .....O.. >[040] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fb >pipe name lsarpc pnum=71fb (pipes_open=1) >Got API command 0x26 on pipe "lsarpc" (pnum 71fb)api_fd_reply: p:0x8361808 max_trans_reply: 1024 >write_to_pipe: 71fb name: lsarpc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 844 >api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 0010 data : 3919286a > 0014 data : b10c > 0016 data : 11d0 > 0018 data : 9b a8 00 c0 4f d9 2e f5 > 0020 version: 00000000 > 000024 smb_io_rpc_iface > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 985 >check_bind_req for \PIPE\lsarpc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000c > 000a str: \PIPE\lsass. > 000016 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 71fb name: lsarpc len: 1024 >read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17218 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 110 >got message type 0x0 of len 0x6e >Transaction 71 of length 114 >size=110 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17282 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 26 (0x1A) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 26 (0x1A) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29179 (0x71FB) >smb_bcc=43 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 1A 00 00 00 01 00 00 ........ ........ >[020] 00 02 00 00 00 00 00 00 00 01 00 ........ ... >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=26 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fb >pipe name lsarpc pnum=71fb (pipes_open=1) >Got API command 0x26 on pipe "lsarpc" (pnum 71fb)api_fd_reply: p:0x8361808 max_trans_reply: 1024 >write_to_pipe: 71fb name: lsarpc open: Yes len: 26 >write_to_pipe: data_left = 26 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 >fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 10 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001a > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 10 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 10, incoming data = 10 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000002 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\lsarpc >api_rpcTNP: lsarpc op 0x0 - unknown >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 23 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000000 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : NT code 0x1c010002 > 001c reserved: 00000000 >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 10 >read_from_pipe: 71fb name: lsarpc len: 1024 >read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >copy_trans_params_and_data: params[0..0] data[0..32] >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17282 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 23 10 00 00 00 20 00 00 00 01 00 00 ....#... . ...... >[010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ >[020] 00 . >write_socket(16,92) >write_socket(16,92) wrote 92 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 72 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=65279 >smb_uid=100 >smb_mid=17346 >smt_wct=3 >smb_vwv[ 0]=29179 (0x71FB) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 19651) >change_to_user: Skipping user change - already user >search for pipe pnum=71fb >pipe name lsarpc pnum=71fb (pipes_open=1) >reply_pipe_close: pnum:71fb >close_policy_by_pipe: deleted handle list for pipe lsarpc >closed pipe name lsarpc pnum=71fb (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=65279 >smb_uid=100 >smb_mid=17346 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 73 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17410 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=17 >[000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. >[010] 00 . >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \winreg. >nt_open_pipe: Known pipe winreg opening. >Open pipe requested winreg (pipes_open=0) >Create pipe requested winreg >init_pipe_handles: created handle list for pipe winreg >init_pipe_handles: pipe_handles ref count = 1 for pipe winreg >Created internal pipe winreg (pipes_open=0) >Opened pipe winreg with handle 71fc (pipes_open=1) >open pipes: name winreg pnum=71fc >do_ntcreate_pipe_open: open pipe = \winreg >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17410 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=64512 (0xFC00) >smb_vwv[ 3]= 369 (0x171) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 74 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17474 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29180 (0x71FC) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[030] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. >[040] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fc >pipe name winreg pnum=71fc (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fc name: winreg open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 844 >api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 0010 data : 338cd001 > 0014 data : 2244 > 0016 data : 31f1 > 0018 data : aa aa 90 00 38 00 10 03 > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 985 >check_bind_req for \PIPE\winreg >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\winreg. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 71fc name: winreg len: 1024 >read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17474 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 \winreg. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 120 >got message type 0x0 of len 0x78 >Transaction 75 of length 124 >size=120 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17538 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 36 (0x24) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29180 (0x71FC) >smb_bcc=53 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... >[020] 00 0C 00 00 00 00 00 02 00 E0 F1 7B 27 80 E5 01 ........ ...{'... >[030] 00 00 00 00 02 ..... >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=36 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fc >pipe name winreg pnum=71fc (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fc name: winreg open: Yes len: 36 >write_to_pipe: data_left = 36 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 >fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 20 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 20 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 20, incoming data = 20 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000000c > 0004 context_id: 0000 > 0006 opnum : 0002 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\winreg >api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >api_rpc_cmds[3].fn == 0x80f583c >000000 reg_io_q_open_hklm > 0000 ptr : 277bf1e0 > 0004 unknown_0: e580 > 0006 unknown_1: 0001 > 0008 access_mask: 02000000 >open_registry_key: name = [NULL][HKLM] >reghook_cache_find: Searching for keyname [/HKLM] >sorted_tree_find: Enter [/HKLM] >sorted_tree_find: Exit >regdb_fetch_reg_keys: Enter key => [HKLM] >regdb_fetch_reg_keys: Exit [1] items >Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >open_registry_key: exit >000000 reg_io_r_open_hklm > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000001 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 38 4d 55 3f c3 4c 00 00 > 0014 status: NT_STATUS_OK >api_rpcTNP: called winreg successfully >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 20 >read_from_pipe: 71fc name: winreg len: 1024 >read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17538 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ >[020] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 00 00 00 .....8MU ?.L..... >[030] 00 . >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 252 >got message type 0x0 of len 0xfc >Transaction 76 of length 256 >size=252 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17602 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 168 (0xA8) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 168 (0xA8) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29180 (0x71FC) >smb_bcc=185 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 A8 00 00 00 02 00 00 ........ ........ >[020] 00 90 00 00 00 00 00 0F 00 00 00 00 00 01 00 00 ........ ........ >[030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 60 00 60 .....8MU ?.L..`.` >[040] 00 D0 1B 18 75 30 00 00 00 00 00 00 00 30 00 00 ....u0.. .....0.. >[050] 00 73 00 79 00 73 00 74 00 65 00 6D 00 5C 00 63 .s.y.s.t .e.m.\.c >[060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 63 00 6F .u.r.r.e .n.t.c.o >[070] 00 6E 00 74 00 72 00 6F 00 6C 00 73 00 65 00 74 .n.t.r.o .l.s.e.t >[080] 00 5C 00 63 00 6F 00 6E 00 74 00 72 00 6F 00 6C .\.c.o.n .t.r.o.l >[090] 00 5C 00 70 00 72 00 6F 00 64 00 75 00 63 00 74 .\.p.r.o .d.u.c.t >[0A0] 00 6F 00 70 00 74 00 69 00 6F 00 6E 00 73 00 00 .o.p.t.i .o.n.s.. >[0B0] 00 00 00 00 00 19 00 02 00 ........ . >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=168 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fc >pipe name winreg pnum=71fc (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fc name: winreg open: Yes len: 168 >write_to_pipe: data_left = 168 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 >fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 152 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a8 > 000a auth_len : 0000 > 000c call_id : 00000002 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 152 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 152, incoming data = 152 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000090 > 0004 context_id: 0000 > 0006 opnum : 000f >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\winreg >api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >api_rpc_cmds[1].fn == 0x80f5a28 >000000 reg_io_q_entry > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000001 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 38 4d 55 3f c3 4c 00 00 > 000014 smb_io_unihdr > 0014 uni_str_len: 0060 > 0016 uni_max_len: 0060 > 0018 buffer : 75181bd0 > 00001c smb_io_unistr2 > 001c uni_max_len: 00000030 > 0020 undoc : 00000000 > 0024 uni_str_len: 00000030 > 0028 buffer : s.y.s.t.e.m.\.c.u.r.r.e.n.t.c.o.n.t.r.o.l.s.e.t.\.c.o.n.t.r.o.l.\.p.r.o.d.u.c.t.o.p.t.i.o.n.s... > 0088 unknown_0 : 00000000 > 008c access_desired : 00020019 >Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >reg_open_entry: Enter >open_registry_key: name = [HKLM][system\currentcontrolset\control\productoptions] >reghook_cache_find: Searching for keyname [/HKLM/system/currentcontrolset/control/productoptions] >sorted_tree_find: Enter [/HKLM/system/currentcontrolset/control/productoptions] >sorted_tree_find: Exit >regdb_fetch_reg_keys: Enter key => [HKLM\system\currentcontrolset\control\productoptions] >regdb_fetch_reg_keys: Exit [0] items >Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >open_registry_key: exit >reg_open_entry: Exit >000000 reg_io_r_open_entry > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000002 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 38 4d 55 3f c3 4c 00 00 > 0014 status: NT_STATUS_OK >api_rpcTNP: called winreg successfully >free_pipe_context: destroying talloc pool of size 96 >write_to_pipe: data_used = 152 >read_from_pipe: 71fc name: winreg len: 1024 >read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17602 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ >[020] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 00 00 00 .....8MU ?.L..... >[030] 00 . >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 200 >got message type 0x0 of len 0xc8 >Transaction 77 of length 204 >size=200 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17666 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 116 (0x74) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 116 (0x74) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29180 (0x71FC) >smb_bcc=133 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 74 00 00 00 03 00 00 ........ .t...... >[020] 00 5C 00 00 00 00 00 11 00 00 00 00 00 02 00 00 .\...... ........ >[030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 18 00 18 .....8MU ?.L..... >[040] 00 B8 1B 18 75 0C 00 00 00 00 00 00 00 0C 00 00 ....u... ........ >[050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T >[060] 00 79 00 70 00 65 00 00 00 0C F2 7B 27 00 00 00 .y.p.e.. ...{'... >[070] 00 00 00 00 00 04 F2 7B 27 00 00 00 00 FC F1 7B .......{ '......{ >[080] 27 00 00 00 00 '.... >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=116 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fc >pipe name winreg pnum=71fc (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fc name: winreg open: Yes len: 116 >write_to_pipe: data_left = 116 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 116 >fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 100 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0074 > 000a auth_len : 0000 > 000c call_id : 00000003 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 100, incoming data = 100 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000005c > 0004 context_id: 0000 > 0006 opnum : 0011 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\winreg >api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO >api_rpc_cmds[8].fn == 0x80f5ad0 >000000 reg_io_q_info > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000002 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 38 4d 55 3f c3 4c 00 00 > 000014 smb_io_unihdr > 0014 uni_str_len: 0018 > 0016 uni_max_len: 0018 > 0018 buffer : 75181bb8 > 00001c smb_io_unistr2 > 001c uni_max_len: 0000000c > 0020 undoc : 00000000 > 0024 uni_str_len: 0000000c > 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... > 0040 ptr_reserved: 277bf20c > 0044 ptr_buf: 00000000 > 0048 unk1: 00000000 > 004c ptr_buflen: 277bf204 > 0050 buflen: 00000000 > 0054 ptr_buflen2: 277bf1fc > 0058 buflen2: 00000000 >Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >_reg_info: Enter >_reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] >reg_info: looking up value: [ProductType] >_reg_info: Exit >000000 reg_io_r_info > 0000 ptr_type: 00000001 > 0004 type: 00000001 > 0008 ptr_uni_val: 00000000 > 000c ptr_max_len: 00000001 > 0010 buf_max_len: 0000000c > 0014 ptr_len: 00000001 > 0018 buf_len: 0000000c > 001c status: NT_STATUS_OK >api_rpcTNP: called winreg successfully >free_pipe_context: destroying talloc pool of size 536 >write_to_pipe: data_used = 100 >read_from_pipe: 71fc name: winreg len: 1024 >read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0038 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..56] >size=112 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17666 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 56 (0x38) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 56 (0x38) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=57 >[000] 00 05 00 02 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... >[010] 00 20 00 00 00 00 00 00 00 01 00 00 00 01 00 00 . ...... ........ >[020] 00 00 00 00 00 01 00 00 00 0C 00 00 00 01 00 00 ........ ........ >[030] 00 0C 00 00 00 00 00 00 00 ........ . >write_socket(16,116) >write_socket(16,116) wrote 116 >got smb length of 212 >got message type 0x0 of len 0xd4 >Transaction 78 of length 216 >size=212 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17730 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 128 (0x80) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 128 (0x80) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29180 (0x71FC) >smb_bcc=145 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 80 00 00 00 04 00 00 ........ ........ >[020] 00 68 00 00 00 00 00 11 00 00 00 00 00 02 00 00 .h...... ........ >[030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 18 00 18 .....8MU ?.L..... >[040] 00 B8 1B 18 75 0C 00 00 00 00 00 00 00 0C 00 00 ....u... ........ >[050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T >[060] 00 79 00 70 00 65 00 00 00 0C F2 7B 27 58 D5 0E .y.p.e.. ...{'X.. >[070] 00 58 D5 0E 00 0C 00 00 00 00 00 00 00 00 00 00 .X...... ........ >[080] 00 04 F2 7B 27 0C 00 00 00 FC F1 7B 27 00 00 00 ...{'... ...{'... >[090] 00 . >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=128 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fc >pipe name winreg pnum=71fc (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fc name: winreg open: Yes len: 128 >write_to_pipe: data_left = 128 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 >fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 112 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0080 > 000a auth_len : 0000 > 000c call_id : 00000004 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 112 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 112, incoming data = 112 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000068 > 0004 context_id: 0000 > 0006 opnum : 0011 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\winreg >api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO >api_rpc_cmds[8].fn == 0x80f5ad0 >000000 reg_io_q_info > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000002 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 38 4d 55 3f c3 4c 00 00 > 000014 smb_io_unihdr > 0014 uni_str_len: 0018 > 0016 uni_max_len: 0018 > 0018 buffer : 75181bb8 > 00001c smb_io_unistr2 > 001c uni_max_len: 0000000c > 0020 undoc : 00000000 > 0024 uni_str_len: 0000000c > 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... > 0040 ptr_reserved: 277bf20c > 0044 ptr_buf: 000ed558 > 0048 ptr_bufsize: 000ed558 > 004c bufsize: 0000000c > 0050 buf_unk: 00000000 > 0054 unk1: 00000000 > 0058 ptr_buflen: 277bf204 > 005c buflen: 0000000c > 0060 ptr_buflen2: 277bf1fc > 0064 buflen2: 00000000 >Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >_reg_info: Enter >_reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] >reg_info: looking up value: [ProductType] >_reg_info: Exit >000000 reg_io_r_info > 0000 ptr_type: 00000001 > 0004 type: 00000001 > 0008 ptr_uni_val: 00000001 > 00000c smb_io_buffer2 uni_val > 000c uni_max_len: 0000000c > 0010 undoc : 00000000 > 0014 buf_len : 0000000c > 0018 buffer : W.i.n.N.T... > 0024 ptr_max_len: 00000001 > 0028 buf_max_len: 0000000c > 002c ptr_len: 00000001 > 0030 buf_len: 0000000c > 0034 status: NT_STATUS_OK >api_rpcTNP: called winreg successfully >free_pipe_context: destroying talloc pool of size 536 >write_to_pipe: data_used = 112 >read_from_pipe: 71fc name: winreg len: 1024 >read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 56. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0050 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000038 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..80] >size=136 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17730 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 80 (0x50) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 80 (0x50) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=81 >[000] 00 05 00 02 03 10 00 00 00 50 00 00 00 04 00 00 ........ .P...... >[010] 00 38 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .8...... ........ >[020] 00 01 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ >[030] 00 57 00 69 00 6E 00 4E 00 54 00 00 00 01 00 00 .W.i.n.N .T...... >[040] 00 0C 00 00 00 01 00 00 00 0C 00 00 00 00 00 00 ........ ........ >[050] 00 . >write_socket(16,140) >write_socket(16,140) wrote 140 >got smb length of 128 >got message type 0x0 of len 0x80 >Transaction 79 of length 132 >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17794 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 44 (0x2C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 44 (0x2C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29180 (0x71FC) >smb_bcc=61 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... >[020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ >[030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 .....8MU ?.L.. >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=44 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fc >pipe name winreg pnum=71fc (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fc name: winreg open: Yes len: 44 >write_to_pipe: data_left = 44 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000005 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0005 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\winreg >api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >api_rpc_cmds[0].fn == 0x80f579c >000000 reg_io_q_close > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000002 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 38 4d 55 3f c3 4c 00 00 >Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >Closed policy >000000 reg_io_r_close > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000000 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 00 00 00 00 00 00 00 00 > 0014 status: NT_STATUS_OK >api_rpcTNP: called winreg successfully >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 28 >read_from_pipe: 71fc name: winreg len: 1024 >read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17794 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[030] 00 . >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 128 >got message type 0x0 of len 0x80 >Transaction 80 of length 132 >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17858 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 44 (0x2C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 44 (0x2C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29180 (0x71FC) >smb_bcc=61 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... >[020] 00 14 00 00 00 00 00 05 00 00 00 00 00 01 00 00 ........ ........ >[030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 .....8MU ?.L.. >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=44 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fc >pipe name winreg pnum=71fc (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 71fc)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fc name: winreg open: Yes len: 44 >write_to_pipe: data_left = 44 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000006 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0005 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\winreg >api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >api_rpc_cmds[0].fn == 0x80f579c >000000 reg_io_q_close > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000001 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 38 4d 55 3f c3 4c 00 00 >Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >Closed policy >000000 reg_io_r_close > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000000 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 00 00 00 00 00 00 00 00 > 0014 status: NT_STATUS_OK >api_rpcTNP: called winreg successfully >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 28 >read_from_pipe: 71fc name: winreg len: 1024 >read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17858 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[030] 00 . >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 81 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=65279 >smb_uid=100 >smb_mid=17922 >smt_wct=3 >smb_vwv[ 0]=29180 (0x71FC) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 19651) >change_to_user: Skipping user change - already user >search for pipe pnum=71fc >pipe name winreg pnum=71fc (pipes_open=1) >reply_pipe_close: pnum:71fc >close_policy_by_pipe: deleted handle list for pipe winreg >closed pipe name winreg pnum=71fc (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=65279 >smb_uid=100 >smb_mid=17922 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 82 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17986 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=17 >[000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. >[010] 00 . >switch message SMBntcreateX (pid 19651) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \lsarpc. >nt_open_pipe: Known pipe lsarpc opening. >Open pipe requested lsarpc (pipes_open=0) >Create pipe requested lsarpc >init_pipe_handles: created handle list for pipe lsarpc >init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >Created internal pipe lsarpc (pipes_open=0) >Opened pipe lsarpc with handle 71fd (pipes_open=1) >open pipes: name lsarpc pnum=71fd >do_ntcreate_pipe_open: open pipe = \lsarpc >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=17986 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=64768 (0xFD00) >smb_vwv[ 3]= 369 (0x171) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 83 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=18050 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29181 (0x71FD) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ >[030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. >[040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fd >pipe name lsarpc pnum=71fd (pipes_open=1) >Got API command 0x26 on pipe "lsarpc" (pnum 71fd)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fd name: lsarpc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 844 >api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 0010 data : 12345778 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 01 23 45 67 89 ab > 0020 version: 00000000 > 000024 smb_io_rpc_iface > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 985 >check_bind_req for \PIPE\lsarpc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000c > 000a str: \PIPE\lsass. > 000016 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 71fd name: lsarpc len: 1024 >read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=18050 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 180 >got message type 0x0 of len 0xb4 >Transaction 84 of length 184 >size=180 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=18114 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 96 (0x60) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29181 (0x71FD) >smb_bcc=113 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 60 00 00 00 01 00 00 ........ .`...... >[020] 00 48 00 00 00 00 00 2C 00 20 89 07 04 0E 00 00 .H....., . ...... >[030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 >[040] 00 2E 00 33 00 33 00 2E 00 31 00 2E 00 31 00 37 ...3.3.. .1...1.7 >[050] 00 30 00 00 00 18 00 00 00 00 00 00 00 00 00 00 .0...... ........ >[060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ >[070] 00 . >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=96 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fd >pipe name lsarpc pnum=71fd (pipes_open=1) >Got API command 0x26 on pipe "lsarpc" (pnum 71fd)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fd name: lsarpc open: Yes len: 96 >write_to_pipe: data_left = 96 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 >fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 80 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 80 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000048 > 0004 context_id: 0000 > 0006 opnum : 002c >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\lsarpc >api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >api_rpc_cmds[0].fn == 0x80f1f4c >000000 lsa_io_q_open_pol2 > 0000 ptr : 04078920 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000e > 0008 undoc : 00000000 > 000c uni_str_len: 0000000e > 0010 buffer : \.\.1.0...3.3...1...1.7.0... > 00002c lsa_io_obj_attr > 002c len : 00000018 > 0030 ptr_root_dir: 00000000 > 0034 ptr_obj_name: 00000000 > 0038 attributes : 00000000 > 003c ptr_sec_desc: 00000000 > 0040 ptr_sec_qos : 00000000 > 0044 des_access: 00000001 >se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-1250349775-4091538868-537732204-1002. >se_access_check: user sid is S-1-5-21-1250349775-4091538868-537732204-1002 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1201 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-1250349775-4091538868-537732204-1001 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 1 >se_access_check: access (1) granted. >Opened policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >000000 lsa_io_r_open_pol2 > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000003 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 38 4d 55 3f c3 4c 00 00 > 0014 status: NT_STATUS_OK >api_rpcTNP: called lsarpc successfully >free_pipe_context: destroying talloc pool of size 828 >write_to_pipe: data_used = 80 >read_from_pipe: 71fd name: lsarpc len: 1024 >read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=18114 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ >[020] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 00 00 00 .....8MU ?.L..... >[030] 00 . >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 130 >got message type 0x0 of len 0x82 >Transaction 85 of length 134 >size=130 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=18178 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 46 (0x2E) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 46 (0x2E) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29181 (0x71FD) >smb_bcc=63 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ >[020] 00 16 00 00 00 00 00 07 00 00 00 00 00 03 00 00 ........ ........ >[030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 03 00 .....8MU ?.L.... >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=46 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fd >pipe name lsarpc pnum=71fd (pipes_open=1) >Got API command 0x26 on pipe "lsarpc" (pnum 71fd)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fd name: lsarpc open: Yes len: 46 >write_to_pipe: data_left = 46 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 30 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000002 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 30 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000016 > 0004 context_id: 0000 > 0006 opnum : 0007 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\lsarpc >api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >api_rpc_cmds[2].fn == 0x80f2254 >000000 lsa_io_q_query > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000003 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 38 4d 55 3f c3 4c 00 00 > 0014 info_class: 0003 >Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >000000 lsa_io_r_query > 0000 undoc_buffer: 22000000 > 0004 info_class: 0003 > 000008 lsa_io_dom_query > 0008 uni_dom_max_len: 0012 > 000a uni_dom_str_len: 0014 > 000c buffer_dom_name: 00000001 > 0010 buffer_dom_sid : 00000001 > 000014 smb_io_unistr2 unistr2 > 0014 uni_max_len: 0000000a > 0018 undoc : 00000000 > 001c uni_str_len: 00000009 > 0020 buffer : N.E.W.C.I.T.R.I.X. > 000034 smb_io_dom_sid2 > 0034 num_auths: 00000004 > 000038 smb_io_dom_sid sid > 0038 sid_rev_num: 01 > 0039 num_auths : 04 > 003a id_auth[0] : 00 > 003b id_auth[1] : 00 > 003c id_auth[2] : 00 > 003d id_auth[3] : 00 > 003e id_auth[4] : 00 > 003f id_auth[5] : 05 > 0040 sub_auths : 00000015 2838dd73 95ae0fd8 21e31bc3 > 0050 status: NT_STATUS_OK >api_rpcTNP: called lsarpc successfully >free_pipe_context: destroying talloc pool of size 512 >write_to_pipe: data_used = 30 >read_from_pipe: 71fd name: lsarpc len: 1024 >read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..108] >size=164 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=18178 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 108 (0x6C) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=109 >[000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 02 00 00 ........ .l...... >[010] 00 54 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .T...... ...."... >[020] 00 12 00 14 00 01 00 00 00 01 00 00 00 0A 00 00 ........ ........ >[030] 00 00 00 00 00 09 00 00 00 4E 00 45 00 57 00 43 ........ .N.E.W.C >[040] 00 49 00 54 00 52 00 49 00 58 00 00 00 04 00 00 .I.T.R.I .X...... >[050] 00 01 04 00 00 00 00 00 05 15 00 00 00 73 DD 38 ........ .....s.8 >[060] 28 D8 0F AE 95 C3 1B E3 21 00 00 00 00 (....... !.... >write_socket(16,168) >write_socket(16,168) wrote 168 >got smb length of 128 >got message type 0x0 of len 0x80 >Transaction 86 of length 132 >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=18242 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 44 (0x2C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 44 (0x2C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29181 (0x71FD) >smb_bcc=61 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... >[020] 00 14 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ >[030] 00 00 00 00 00 38 4D 55 3F C3 4C 00 00 .....8MU ?.L.. >switch message SMBtrans (pid 19651) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=44 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=71fd >pipe name lsarpc pnum=71fd (pipes_open=1) >Got API command 0x26 on pipe "lsarpc" (pnum 71fd)api_fd_reply: p:0x835fe28 max_trans_reply: 1024 >write_to_pipe: 71fd name: lsarpc open: Yes len: 44 >write_to_pipe: data_left = 44 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000003 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\lsarpc >api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >api_rpc_cmds[4].fn == 0x80f2640 >000000 lsa_io_q_close > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000003 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 38 4d 55 3f c3 4c 00 00 >Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 38 4D 55 3F ........ ....8MU? >[010] C3 4C 00 00 .L.. >Closed policy >000000 lsa_io_r_close > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000000 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 00 00 00 00 00 00 00 00 > 0014 status: NT_STATUS_OK >api_rpcTNP: called lsarpc successfully >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 28 >read_from_pipe: 71fd name: lsarpc len: 1024 >read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=2156 >smb_uid=100 >smb_mid=18242 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[030] 00 . >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 87 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=65279 >smb_uid=100 >smb_mid=18306 >smt_wct=3 >smb_vwv[ 0]=29181 (0x71FD) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 19651) >change_to_user: Skipping user change - already user >search for pipe pnum=71fd >pipe name lsarpc pnum=71fd (pipes_open=1) >reply_pipe_close: pnum:71fd >close_policy_by_pipe: deleted handle list for pipe lsarpc >closed pipe name lsarpc pnum=71fd (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=65279 >smb_uid=100 >smb_mid=18306 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 90 >got message type 0x0 of len 0x5a >Transaction 88 of length 94 >size=90 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=18370 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=32768 (0x8000) >smb_vwv[ 8]= 512 (0x200) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 8192 (0x2000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=7 >[000] 00 5C 00 62 00 00 00 .\.b... >switch message SMBntcreateX (pid 19651) >setting sec ctx (1, 100) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-1250349775-4091538868-537732204-1002 >contains 6 SIDs >SID[ 0]: S-1-5-21-1250349775-4091538868-537732204-1002 >SID[ 1]: S-1-5-21-1250349775-4091538868-537732204-1201 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-1250349775-4091538868-537732204-1001 >UNIX token of user 1 >Primary group is 100 and contains 3 supplementary groups >Group[ 0]: 100 >Group[ 1]: 100 >Group[ 2]: 0 >change_to_user uid=(0,1) gid=(0,100) >vfs_ChDir to /shares/SHARE1 >reply_ntcreateX: flags = 0x10, desired_access = 0x20080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x20080, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "\b" >unix_clean_name [/b] >unix_mode(b) returning 0766 >allocated file structure 5685, fnum = 9781 (2 used) >open_file_shared: fname = b, share_mode = 8040, ofun = 1, mode = 766, oplock request = 0 >is_in_path: b >is_in_path: no name list. >unix_clean_name [b] >calling open_file with flags=0x0 flags2=0x0 mode=0766 >freed files structure 9781 (1 used) >allocated file structure 5686, fnum = 9782 (2 used) >open_directory: opening directory b >dos_mode: b >is_in_path: b >is_in_path: no name list. >dos_mode returning d >reply_ntcreate_and_X: fnum = 9782, open name = b >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=18370 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=13824 (0x3600) >smb_vwv[ 3]= 294 (0x126) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]=32768 (0x8000) >smb_vwv[ 6]=46110 (0xB41E) >smb_vwv[ 7]=49098 (0xBFCA) >smb_vwv[ 8]=50033 (0xC371) >smb_vwv[ 9]= 1 (0x1) >smb_vwv[10]=12991 (0x32BF) >smb_vwv[11]=49235 (0xC053) >smb_vwv[12]=50033 (0xC371) >smb_vwv[13]=32769 (0x8001) >smb_vwv[14]=46110 (0xB41E) >smb_vwv[15]=49098 (0xBFCA) >smb_vwv[16]=50033 (0xC371) >smb_vwv[17]=32769 (0x8001) >smb_vwv[18]=46110 (0xB41E) >smb_vwv[19]=49098 (0xBFCA) >smb_vwv[20]=50033 (0xC371) >smb_vwv[21]= 4097 (0x1001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 256 (0x100) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 89 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=18434 >smt_wct=19 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 2048 (0x800) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2048 (0x800) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=19456 (0x4C00) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 6 (0x6) >smb_bcc=11 >[000] 00 50 00 36 26 00 00 04 00 00 00 .P.6&... ... >switch message SMBnttrans (pid 19651) >change_to_user: Skipping user change - already user >reply_nttrans: parameter_count = 8 >[000] 36 26 00 00 04 00 00 00 6&...... >call_nt_transact_query_security_desc: file = b >get_nt_acl: called for file b >get_nt_acl : file ACL present, directory ACL present >load_inherited_info: ret = -1 for file b Err No data available >local_uid_to_sid: host has know idea of uid 18000 >uid_to_sid: local 18000 failed to map to sid >fetch sid from gid cache 100 -> S-1-5-21-1250349775-4091538868-537732204-1201 >push_sec_ctx(1, 100) : sec_ctx_stack_ndx = 1 >push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >getsampwnam (smbpasswd): search by name: admin >startsmbfilepwent_internal: opening file /etc/private/smbpasswd >getsmbfilepwent: returning passwd entry for user guest, uid 4 >getsmbfilepwent: returning passwd entry for user admin, uid 1 >endsmbfilepwent_internal: closed password file. >getsampwnam (smbpasswd): found by name: admin >pdb_set_username: setting username admin, was >element 11 -> now SET >pdb_set_full_name: setting full name admin, was >element 12 -> now SET >pdb_set_unix_homedir: setting home dir /local_user_, was NULL >element 21 -> now SET >pdb_set_domain: setting domain MKAP-TYPHOON, was >pdb_set_user_sid: setting user sid S-1-5-21-1250349775-4091538868-537732204-1002 >element 17 -> now SET >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1250349775-4091538868-537732204-1002 from rid 1002 >pdb_set_group_sid: setting group sid S-1-5-21-1250349775-4091538868-537732204-1201 >element 18 -> now SET >Home server: mkap-typhoon >pdb_set_profile_path: setting profile path \\mkap-typhoon\admin\profile, was >Home server: mkap-typhoon >pdb_set_homedir: setting home dir \\mkap-typhoon\admin, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >element 31 -> now SET >element 30 -> now SET >element 19 -> now SET >element 20 -> now SET >element 8 -> now SET >pop_sec_ctx (1, 100) - sec_ctx_stack_ndx = 0 >local_uid_to_sid: uid (1) -> SID S-1-5-21-1250349775-4091538868-537732204-1002 (admin). >uid_to_sid: local 1 -> S-1-5-21-1250349775-4091538868-537732204-1002 >fetch sid from gid cache 0 -> S-1-5-21-1250349775-4091538868-537732204-1001 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo >(inherited) >canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo >(inherited) >canon_ace index 2. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1201 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo >(inherited) >canon_ace index 4. Type = allow SID = S-0-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo >(inherited) >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-0-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo >(inherited) >canon_ace index 2. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1201 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo >(inherited) >canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo >(inherited) >fetch sid from uid cache 1 -> S-1-5-21-1250349775-4091538868-537732204-1002 >fetch sid from gid cache 0 -> S-1-5-21-1250349775-4091538868-537732204-1001 >canonicalise_acl: Default ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo >(inherited) >canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo >(inherited) >canon_ace index 2. Type = allow SID = S-1-3-1 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo >(inherited) >canon_ace index 4. Type = allow SID = S-1-3-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo >(inherited) >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-3-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo >(inherited) >canon_ace index 2. Type = allow SID = S-1-3-1 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo >(inherited) >canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo >(inherited) >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >merge_default_aces: Merging ACE 6 onto ACE 1. >merge_default_aces: Merging ACE 7 onto ACE 3. >merge_default_aces: Merging ACE 7 onto ACE 4. >call_nt_transact_query_security_desc: sd_size = 212. >error string = No data available >error packet at smbd/nttrans.c(104) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL >nt_rep: params_sent_thistime = 4, data_sent_thistime = 0, useable_space = 131030 >nt_rep: params_to_send = 4, data_to_send = 0, paramsize = 4, datasize = 0 >write_socket(16,82) >write_socket(16,82) wrote 82 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 90 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=2156 >smb_uid=100 >smb_mid=18498 >smt_wct=19 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 2048 (0x800) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=54272 (0xD400) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2048 (0x800) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=19456 (0x4C00) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 6 (0x6) >smb_bcc=11 >[000] 00 50 00 36 26 00 00 04 00 00 00 .P.6&... ... >switch message SMBnttrans (pid 19651) >change_to_user: Skipping user change - already user >reply_nttrans: parameter_count = 8 >[000] 36 26 00 00 04 00 00 00 6&...... >call_nt_transact_query_security_desc: file = b >get_nt_acl: called for file b >get_nt_acl : file ACL present, directory ACL present >load_inherited_info: ret = -1 for file b Err No data available >local_uid_to_sid: host has know idea of uid 18000 >uid_to_sid: local 18000 failed to map to sid >fetch sid from gid cache 100 -> S-1-5-21-1250349775-4091538868-537732204-1201 >fetch sid from uid cache 1 -> S-1-5-21-1250349775-4091538868-537732204-1002 >fetch sid from gid cache 0 -> S-1-5-21-1250349775-4091538868-537732204-1001 >canonicalise_acl: Access ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo >(inherited) >canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo >(inherited) >canon_ace index 2. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1201 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo >(inherited) >canon_ace index 4. Type = allow SID = S-0-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo >(inherited) >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-0-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo >(inherited) >canon_ace index 2. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1201 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo >(inherited) >canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo >(inherited) >fetch sid from uid cache 1 -> S-1-5-21-1250349775-4091538868-537732204-1002 >fetch sid from gid cache 0 -> S-1-5-21-1250349775-4091538868-537732204-1001 >canonicalise_acl: Default ace entries before arrange : >canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo >(inherited) >canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo >(inherited) >canon_ace index 2. Type = allow SID = S-1-3-1 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo >(inherited) >canon_ace index 4. Type = allow SID = S-1-3-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo >(inherited) >print_canon_ace_list: canonicalise_acl: ace entries after arrange >canon_ace index 0. Type = allow SID = S-1-3-0 uid 18000 (18000) SMB_ACL_USER_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 1. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1001 gid 0 (admin) SMB_ACL_GROUP (inherited) perms rwxdpo >(inherited) >canon_ace index 2. Type = allow SID = S-1-3-1 gid 100 (AllLocalUsers) SMB_ACL_GROUP_OBJ (inherited) perms rwxdpo >(inherited) >canon_ace index 3. Type = allow SID = S-1-5-21-1250349775-4091538868-537732204-1002 uid 1 (admin) SMB_ACL_USER (inherited) perms rwxdpo >(inherited) >canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER (inherited) perms rwxdpo >(inherited) >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >map_canon_ace_perms: Mapped (XFS) 1f8 to (NT) 1f01ff >merge_default_aces: Merging ACE 6 onto ACE 1. >merge_default_aces: Merging ACE 7 onto ACE 3. >merge_default_aces: Merging ACE 7 onto ACE 4. >call_nt_transact_query_security_desc: sd_size = 212. > 000000 sec_io_desc sd data > 0000 revision : 0001 > 0002 type : 8404 > 0004 off_owner_sid: 00000000 > 0008 off_grp_sid : 00000000 > 000c off_sacl : 00000000 > 0010 off_dacl : 00000014 > 000014 sec_io_acl dacl > 0014 revision: 0003 > 0018 num_aces : 00000007 > 00001c sec_io_ace ace_list[00]: > 001c type : 00 > 001d flags: 13 > 000020 sec_io_access info > 0020 mask: 001f01ff > 000024 smb_io_dom_sid trustee > 0024 sid_rev_num: 01 > 0025 num_auths : 05 > 0026 id_auth[0] : 00 > 0027 id_auth[1] : 00 > 0028 id_auth[2] : 00 > 0029 id_auth[3] : 00 > 002a id_auth[4] : 00 > 002b id_auth[5] : 05 > 002c sub_auths : 00000015 4a86d2cf f3dfedb4 200d246c 000003e9 > 001e size : 0024 > 000040 sec_io_ace ace_list[01]: > 0040 type : 00 > 0041 flags: 13 > 000044 sec_io_access info > 0044 mask: 001f01ff > 000048 smb_io_dom_sid trustee > 0048 sid_rev_num: 01 > 0049 num_auths : 05 > 004a id_auth[0] : 00 > 004b id_auth[1] : 00 > 004c id_auth[2] : 00 > 004d id_auth[3] : 00 > 004e id_auth[4] : 00 > 004f id_auth[5] : 05 > 0050 sub_auths : 00000015 4a86d2cf f3dfedb4 200d246c 000003ea > 0042 size : 0024 > 000064 sec_io_ace ace_list[02]: > 0064 type : 00 > 0065 flags: 13 > 000068 sec_io_access info > 0068 mask: 001f01ff > 00006c smb_io_dom_sid trustee > 006c sid_rev_num: 01 > 006d num_auths : 01 > 006e id_auth[0] : 00 > 006f id_auth[1] : 00 > 0070 id_auth[2] : 00 > 0071 id_auth[3] : 00 > 0072 id_auth[4] : 00 > 0073 id_auth[5] : 01 > 0074 sub_auths : 00000000 > 0066 size : 0014 > 000078 sec_io_ace ace_list[03]: > 0078 type : 00 > 0079 flags: 10 > 00007c sec_io_access info > 007c mask: 001f01ff > 000080 smb_io_dom_sid trustee > 0080 sid_rev_num: 00 > 0081 num_auths : 00 > 0082 id_auth[0] : 00 > 0083 id_auth[1] : 00 > 0084 id_auth[2] : 00 > 0085 id_auth[3] : 00 > 0086 id_auth[4] : 00 > 0087 id_auth[5] : 00 > 0088 sub_auths : > 007a size : 0010 > 000088 sec_io_ace ace_list[04]: > 0088 type : 00 > 0089 flags: 10 > 00008c sec_io_access info > 008c mask: 001f01ff > 000090 smb_io_dom_sid trustee > 0090 sid_rev_num: 01 > 0091 num_auths : 05 > 0092 id_auth[0] : 00 > 0093 id_auth[1] : 00 > 0094 id_auth[2] : 00 > 0095 id_auth[3] : 00 > 0096 id_auth[4] : 00 > 0097 id_auth[5] : 05 > 0098 sub_auths : 00000015 4a86d2cf f3dfedb4 200d246c 000004b1 > 008a size : 0024 > 0000ac sec_io_ace ace_list[05]: > 00ac type : 00 > 00ad flags: 1b > 0000b0 sec_io_access info > 00b0 mask: 001f01ff > 0000b4 smb_io_dom_sid trustee > 00b4 sid_rev_num: 01 > 00b5 num_auths : 01 > 00b6 id_auth[0] : 00 > 00b7 id_auth[1] : 00 > 00b8 id_auth[2] : 00 > 00b9 id_auth[3] : 00 > 00ba id_auth[4] : 00 > 00bb id_auth[5] : 03 > 00bc sub_auths : 00000000 > 00ae size : 0014 > 0000c0 sec_io_ace ace_list[06]: > 00c0 type : 00 > 00c1 flags: 1b > 0000c4 sec_io_access info > 00c4 mask: 001f01ff > 0000c8 smb_io_dom_sid trustee > 00c8 sid_rev_num: 01 > 00c9 num_auths : 01 > 00ca id_auth[0] : 00 > 00cb id_auth[1] : 00 > 00cc id_auth[2] : 00 > 00cd id_auth[3] : 00 > 00ce id_auth[4] : 00 > 00cf id_auth[5] : 03 > 00d0 sub_auths : 00000001 > 00c2 size : 0014 > 0016 size : 00c0 >nt_rep: params_sent_thistime = 4, data_sent_thistime = 212, useable_space = 130994 >nt_rep: params_to_send = 4, data_to_send = 212, paramsize = 4, datasize = 212 >write_socket(16,294) >write_socket(16,294) wrote 294 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 91 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=18562 >smt_wct=3 >smb_vwv[ 0]= 9782 (0x2636) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 19651) >change_to_user: Skipping user change - already user >close directory fnum=9782 >freed files structure 9782 (1 used) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=18562 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >async_processing: Doing async processing. >receive_local_message: doing select with timeout of 1 ms >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Closing connections >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >mkaplan-win2k (10.33.1.136) closed connection to service IPC$ >Yielding connection to IPC$ >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >vfs_ChDir to / >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >mkaplan-win2k (10.33.1.136) closed connection to service SHARE1 >Yielding connection to SHARE1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >mkaplan-win2k (10.33.1.136) closed connection to service SHARE1 >Yielding connection to SHARE1 >kernel_remove_notify: fd=28 >kernel_remove_notify: fd=27 >freed files structure 9765 (0 used) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >attempting to free (and zero) a server_info structure >Yielding connection to >receive_local_message: doing select with timeout of 1 ms >Server exit (Caught TERM signal)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=148">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 470
: 148 |
149
|
150
|
151