db_get_id_from_sid [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-2500064940-1627118499-3395298096-1109 of type 0x1 [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-2500064940-1627118499-3395298096-1109 -> UID 70000 [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:internal_get_id_from_sid(241) internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2500064940-1627118499-3395298096-1109 -> UID 70000 [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record UID 70000 [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record UID 70000 -> S-1-5-21-2500064940-1627118499-3395298096-1109 [2006/01/31 11:38:30, 10] sam/idmap_util.c:idmap_sid_to_uid(151) idmap_sid_to_uid: uid = [70000] [2006/01/31 11:38:30, 10] sam/idmap_util.c:idmap_sid_to_gid(173) sid_to_gid: sid = [S-1-5-21-2500064940-1627118499-3395298096-513] [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:db_get_id_from_sid(315) db_get_id_from_sid [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-2500064940-1627118499-3395298096-513 of type 0x2 [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-2500064940-1627118499-3395298096-513 -> GID 70001 [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:internal_get_id_from_sid(260) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2500064940-1627118499-3395298096-513 -> GID 70001 [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record GID 70001 [2006/01/31 11:38:30, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record GID 70001 -> S-1-5-21-2500064940-1627118499-3395298096-513 [2006/01/31 11:38:30, 10] sam/idmap_util.c:idmap_sid_to_gid(181) idmap_sid_to_gid: gid = [70001] claiming IPC$ 0 [2006/01/31 11:38:30, 10] smbd/uid.c:is_share_read_only_for_user(121) is_share_read_only_for_user: share IPC$ is read-only for unix user LAB2000DOMAIN\test333 [2006/01/31 11:38:30, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) get_share_security: using default secdesc for IPC$ [2006/01/31 11:38:30, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/01/31 11:38:30, 10] lib/util_seaccess.c:se_access_check(231) se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-2500064940-1627118499-3395298096-1109. [2006/01/31 11:38:30, 3] lib/util_seaccess.c:se_access_check(250) [2006/01/31 11:38:30, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2500064940-1627118499-3395298096-1109 se_access_check: also S-1-5-21-2500064940-1627118499-3395298096-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2500064940-1627118499-3395298096-1108 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2006/01/31 11:38:30, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2006/01/31 11:38:30, 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (70000, 70001) - sec_ctx_stack_ndx = 0 [2006/01/31 11:38:30, 5] auth/auth_util.c:debug_nt_user_token(456) NT user token of user S-1-5-21-2500064940-1627118499-3395298096-1109 contains 6 SIDs SID[ 0]: S-1-5-21-2500064940-1627118499-3395298096-1109 SID[ 1]: S-1-5-21-2500064940-1627118499-3395298096-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2500064940-1627118499-3395298096-1108 SE_PRIV 0x0 0x0 0x0 0x0 [2006/01/31 11:38:30, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 70000 Primary group is 70001 and contains 2 supplementary groups Group[ 0]: 70001 Group[ 1]: 70000 [2006/01/31 11:38:30, 5] smbd/uid.c:change_to_user(303) change_to_user uid=(70000,70000) gid=(0,70001) [2006/01/31 11:38:30, 3] smbd/service.c:make_connection_snum(662) bd-s1 (10.86.41.165) connect to service IPC$ initially as user LAB2000DOMAIN\test333 (uid=70000, gid=70001) (pid 6816) [2006/01/31 11:38:30, 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/01/31 11:38:30, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/01/31 11:38:30, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/01/31 11:38:30, 5] smbd/uid.c:change_to_root_user(318) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/01/31 11:38:30, 3] smbd/reply.c:reply_tcon_and_X(672) tconX service=IPC$ [2006/01/31 11:38:30, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:30, 5] lib/util.c:show_msg(457) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=5 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2006/01/31 11:38:30, 10] lib/util.c:dump_data(2053) [000] 49 50 43 00 00 00 00 IPC.... [2006/01/31 11:38:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 100 [2006/01/31 11:38:30, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x64 [2006/01/31 11:38:30, 3] smbd/process.c:process_smb(1114) Transaction 5 of length 104 [2006/01/31 11:38:30, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:30, 5] lib/util.c:show_msg(457) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=6 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2006/01/31 11:38:30, 10] lib/util.c:dump_data(2053) [000] 18 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2006/01/31 11:38:30, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 6816) conn 0x83ec200 [2006/01/31 11:38:30, 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (70000, 70001) - sec_ctx_stack_ndx = 0 [2006/01/31 11:38:30, 5] auth/auth_util.c:debug_nt_user_token(456) NT user token of user S-1-5-21-2500064940-1627118499-3395298096-1109 contains 6 SIDs SID[ 0]: S-1-5-21-2500064940-1627118499-3395298096-1109 SID[ 1]: S-1-5-21-2500064940-1627118499-3395298096-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2500064940-1627118499-3395298096-1108 SE_PRIV 0x0 0x0 0x0 0x0 [2006/01/31 11:38:30, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 70000 Primary group is 70001 and contains 2 supplementary groups Group[ 0]: 70001 Group[ 1]: 70000 [2006/01/31 11:38:30, 5] smbd/uid.c:change_to_user(303) change_to_user uid=(70000,70000) gid=(0,70001) [2006/01/31 11:38:30, 4] smbd/vfs.c:vfs_ChDir(737) vfs_ChDir to /tmp [2006/01/31 11:38:30, 10] smbd/nttrans.c:reply_ntcreate_and_X(497) reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2006/01/31 11:38:30, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \lsarpc. [2006/01/31 11:38:30, 3] smbd/nttrans.c:nt_open_pipe(351) nt_open_pipe: Known pipe lsarpc opening. [2006/01/31 11:38:30, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(177) Open pipe requested lsarpc (pipes_open=0) [2006/01/31 11:38:30, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) Create pipe requested lsarpc [2006/01/31 11:38:30, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2006/01/31 11:38:30, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(92) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2006/01/31 11:38:30, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(369) Created internal pipe lsarpc (pipes_open=0) [2006/01/31 11:38:30, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(256) Opened pipe lsarpc with handle 7026 (pipes_open=1) [2006/01/31 11:38:30, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name lsarpc pnum=7026 [2006/01/31 11:38:30, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) do_ntcreate_pipe_open: open pipe = \lsarpc [2006/01/31 11:38:30, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:30, 5] lib/util.c:show_msg(457) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=6 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 9728 (0x2600) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/01/31 11:38:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 154 [2006/01/31 11:38:30, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x9a [2006/01/31 11:38:30, 3] smbd/process.c:process_smb(1114) Transaction 6 of length 158 [2006/01/31 11:38:30, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:30, 5] lib/util.c:show_msg(457) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28710 (0x7026) smb_bcc=87 [2006/01/31 11:38:30, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2006/01/31 11:38:30, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 6816) conn 0x83ec200 [2006/01/31 11:38:30, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/31 11:38:30, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=72 params=0 setup=2 [2006/01/31 11:38:30, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/01/31 11:38:30, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/01/31 11:38:30, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/01/31 11:38:30, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7026 [2006/01/31 11:38:30, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name lsarpc pnum=7026 (pipes_open=1) [2006/01/31 11:38:30, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7026) [2006/01/31 11:38:30, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ead28 max_trans_reply: 1024 [2006/01/31 11:38:30, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7026 name: lsarpc open: Yes len: 72 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 72 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(397) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2006/01/31 11:38:30, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(485) unmarshall_rpc_header: using little-endian RPC [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(514) unmarshall_rpc_header: type = 11, flags = 3 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 11 [2006/01/31 11:38:30, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(880) api_pipe_bind_req: decode request. 880 [2006/01/31 11:38:30, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2006/01/31 11:38:30, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 00000000 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0008 num_contexts: 01 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c context_id : 0000 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000e num_transfer_syntaxes: 01 [2006/01/31 11:38:30, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000f smb_io_rpc_iface [2006/01/31 11:38:30, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_uuid uuid [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 data : 12345778 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 data : 1234 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 data : abcd [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0018 data : ef 00 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a data : 01 23 45 67 89 ab [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 version: 00000000 [2006/01/31 11:38:30, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_rpc_iface [2006/01/31 11:38:30, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_uuid uuid [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 data : 8a885d04 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 data : 1ceb [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a data : 11c9 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002c data : 9f e8 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002e data : 08 00 2b 10 48 60 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 version: 00000002 [2006/01/31 11:38:30, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1030) api_pipe_bind_req: make response. 1030 [2006/01/31 11:38:30, 3] rpc_server/srv_pipe.c:check_bind_req(765) check_bind_req for \PIPE\lsarpc [2006/01/31 11:38:30, 10] rpc_server/srv_pipe.c:check_bind_req(771) checking \PIPE\lsarpc [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2006/01/31 11:38:30, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 000053f0 [2006/01/31 11:38:30, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_addr_str [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 len: 000c [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000a str: \PIPE\lsass. [2006/01/31 11:38:30, 6] rpc_parse/parse_prs.c:prs_debug(82) 000016 smb_io_rpc_results [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_results: 01 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c result : 0000 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001e reason : 0000 [2006/01/31 11:38:30, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_rpc_iface [2006/01/31 11:38:30, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 8a885d04 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 data : 1ceb [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : 11c9 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : 9f e8 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 08 00 2b 10 48 60 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000002 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:30, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 56 [2006/01/31 11:38:30, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7026 name: lsarpc len: 1024 [2006/01/31 11:38:30, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(967) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/01/31 11:38:30, 5] smbd/ipc.c:copy_trans_params_and_data(58) copy_trans_params_and_data: params[0..0] data[0..68] [2006/01/31 11:38:30, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:30, 5] lib/util.c:show_msg(457) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/01/31 11:38:30, 10] lib/util.c:dump_data(2053) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/01/31 11:38:31, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 150 [2006/01/31 11:38:31, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x96 [2006/01/31 11:38:31, 3] smbd/process.c:process_smb(1114) Transaction 7 of length 154 [2006/01/31 11:38:31, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(457) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28710 (0x7026) smb_bcc=83 [2006/01/31 11:38:31, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 02 00 00 00 34 .......D .......4 [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2006/01/31 11:38:31, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 6816) conn 0x83ec200 [2006/01/31 11:38:31, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/31 11:38:31, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=68 params=0 setup=2 [2006/01/31 11:38:31, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/01/31 11:38:31, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/01/31 11:38:31, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/01/31 11:38:31, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7026 [2006/01/31 11:38:31, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name lsarpc pnum=7026 (pipes_open=1) [2006/01/31 11:38:31, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7026) [2006/01/31 11:38:31, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ead28 max_trans_reply: 4280 [2006/01/31 11:38:31, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7026 name: lsarpc open: Yes len: 68 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 68 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(397) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2006/01/31 11:38:31, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(485) unmarshall_rpc_header: using little-endian RPC [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(514) unmarshall_rpc_header: type = 0, flags = 3 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 52, incoming data = 52 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 0 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000034 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0006 [2006/01/31 11:38:31, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 70 [2006/01/31 11:38:31, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\lsarpc [2006/01/31 11:38:31, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2006/01/31 11:38:31, 6] rpc_server/srv_pipe.c:api_rpcTNP(1568) api_rpc_cmds[1].fn == 0x8137c60 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr : 00000001 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 system_name: 005c [2006/01/31 11:38:31, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_obj_attr [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 len : 00000018 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c ptr_root_dir: 00000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 ptr_obj_name: 00000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 attributes : 00000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 ptr_sec_desc: 00000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c ptr_sec_qos : 00000001 [2006/01/31 11:38:31, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 lsa_io_obj_qos sec_qos [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 len : 0000000c [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 sec_imp_level : 0002 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0026 sec_ctxt_mode : 01 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0027 effective_only: 00 [2006/01/31 11:38:31, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(180) lsa_io_sec_qos: length c does not match size 8 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 des_access: 02000000 [2006/01/31 11:38:31, 10] lib/util_seaccess.c:se_access_check(231) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-5-21-2500064940-1627118499-3395298096-1109. [2006/01/31 11:38:31, 3] lib/util_seaccess.c:se_access_check(250) [2006/01/31 11:38:31, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2500064940-1627118499-3395298096-1109 se_access_check: also S-1-5-21-2500064940-1627118499-3395298096-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2500064940-1627118499-3395298096-1108 [2006/01/31 11:38:31, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 87 92 DF 43 ........ .......C [010] A0 1A 00 00 .... [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_open_pol [2006/01/31 11:38:31, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000001 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 87 92 df 43 a0 1a 00 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_ntstatus(698) 0014 status: NT_STATUS_OK [2006/01/31 11:38:31, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called lsarpc successfully [2006/01/31 11:38:31, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 808 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 52 [2006/01/31 11:38:31, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7026 name: lsarpc len: 4280 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(981) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2006/01/31 11:38:31, 5] smbd/ipc.c:copy_trans_params_and_data(58) copy_trans_params_and_data: params[0..0] data[0..48] [2006/01/31 11:38:31, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(457) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/01/31 11:38:31, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 87 92 DF 43 A0 1A 00 00 00 00 00 ........ C....... [030] 00 . [2006/01/31 11:38:31, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 128 [2006/01/31 11:38:31, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x80 [2006/01/31 11:38:31, 3] smbd/process.c:process_smb(1114) Transaction 8 of length 132 [2006/01/31 11:38:31, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(457) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28710 (0x7026) smb_bcc=61 [2006/01/31 11:38:31, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 1E ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 87 92 DF 43 A0 1A 00 00 05 00 ......C. ..... [2006/01/31 11:38:31, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 6816) conn 0x83ec200 [2006/01/31 11:38:31, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/31 11:38:31, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=46 params=0 setup=2 [2006/01/31 11:38:31, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/01/31 11:38:31, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/01/31 11:38:31, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/01/31 11:38:31, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7026 [2006/01/31 11:38:31, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name lsarpc pnum=7026 (pipes_open=1) [2006/01/31 11:38:31, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7026) [2006/01/31 11:38:31, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ead28 max_trans_reply: 4280 [2006/01/31 11:38:31, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7026 name: lsarpc open: Yes len: 46 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 46 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(397) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2006/01/31 11:38:31, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(485) unmarshall_rpc_header: using little-endian RPC [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(514) unmarshall_rpc_header: type = 0, flags = 3 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 0 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000001e [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2006/01/31 11:38:31, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2006/01/31 11:38:31, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\lsarpc [2006/01/31 11:38:31, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2006/01/31 11:38:31, 6] rpc_server/srv_pipe.c:api_rpcTNP(1568) api_rpc_cmds[2].fn == 0x8137e60 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query [2006/01/31 11:38:31, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000001 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 87 92 df 43 a0 1a 00 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 info_class: 0005 [2006/01/31 11:38:31, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 87 92 DF 43 ........ .......C [010] A0 1A 00 00 .... [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_query [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer: 22000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 info_class: 0005 [2006/01/31 11:38:31, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_dom_query [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 uni_dom_max_len: 000a [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a uni_dom_str_len: 000c [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c buffer_dom_name: 00000001 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 buffer_dom_sid : 00000001 [2006/01/31 11:38:31, 7] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unistr2 unistr2 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 uni_max_len: 00000006 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 offset : 00000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_str_len: 00000005 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0020 buffer : B.D.-.S.1. [2006/01/31 11:38:31, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_dom_sid2 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c num_auths: 00000004 [2006/01/31 11:38:31, 8] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid sid [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0030 sid_rev_num: 01 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0031 num_auths : 04 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0032 id_auth[0] : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0033 id_auth[1] : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 id_auth[2] : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 id_auth[3] : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[4] : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[5] : 05 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0038 sub_auths : 00000015 8f9588b5 7f7a6379 05669942 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_ntstatus(698) 0048 status: NT_STATUS_OK [2006/01/31 11:38:31, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called lsarpc successfully [2006/01/31 11:38:31, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 12 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 30 [2006/01/31 11:38:31, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7026 name: lsarpc len: 4280 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(981) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0064 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 0000004c [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2006/01/31 11:38:31, 5] smbd/ipc.c:copy_trans_params_and_data(58) copy_trans_params_and_data: params[0..0] data[0..100] [2006/01/31 11:38:31, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(457) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2006/01/31 11:38:31, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 03 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .L...... ...."... [020] 00 0A 00 0C 00 01 00 00 00 01 00 00 00 06 00 00 ........ ........ [030] 00 00 00 00 00 05 00 00 00 42 00 44 00 2D 00 53 ........ .B.D.-.S [040] 00 31 00 00 00 04 00 00 00 01 04 00 00 00 00 00 .1...... ........ [050] 05 15 00 00 00 B5 88 95 8F 79 63 7A 7F 42 99 66 ........ .ycz.B.f [060] 05 00 00 00 00 ..... [2006/01/31 11:38:31, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 126 [2006/01/31 11:38:31, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x7e [2006/01/31 11:38:31, 3] smbd/process.c:process_smb(1114) Transaction 9 of length 130 [2006/01/31 11:38:31, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(457) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28710 (0x7026) smb_bcc=59 [2006/01/31 11:38:31, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 1C ......., ........ [020] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 87 92 DF 43 A0 1A 00 00 ......C. ... [2006/01/31 11:38:31, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 6816) conn 0x83ec200 [2006/01/31 11:38:31, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/31 11:38:31, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=44 params=0 setup=2 [2006/01/31 11:38:31, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/01/31 11:38:31, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/01/31 11:38:31, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/01/31 11:38:31, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7026 [2006/01/31 11:38:31, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name lsarpc pnum=7026 (pipes_open=1) [2006/01/31 11:38:31, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7026) [2006/01/31 11:38:31, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ead28 max_trans_reply: 4280 [2006/01/31 11:38:31, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7026 name: lsarpc open: Yes len: 44 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(397) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2006/01/31 11:38:31, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(485) unmarshall_rpc_header: using little-endian RPC [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(514) unmarshall_rpc_header: type = 0, flags = 3 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 0 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000001c [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0000 [2006/01/31 11:38:31, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2006/01/31 11:38:31, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\lsarpc [2006/01/31 11:38:31, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2006/01/31 11:38:31, 6] rpc_server/srv_pipe.c:api_rpcTNP(1568) api_rpc_cmds[4].fn == 0x8138290 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_close [2006/01/31 11:38:31, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000001 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 87 92 df 43 a0 1a 00 00 [2006/01/31 11:38:31, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 87 92 DF 43 ........ .......C [010] A0 1A 00 00 .... [2006/01/31 11:38:31, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 87 92 DF 43 ........ .......C [010] A0 1A 00 00 .... [2006/01/31 11:38:31, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_close [2006/01/31 11:38:31, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_ntstatus(698) 0014 status: NT_STATUS_OK [2006/01/31 11:38:31, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called lsarpc successfully [2006/01/31 11:38:31, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2006/01/31 11:38:31, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7026 name: lsarpc len: 4280 [2006/01/31 11:38:31, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(981) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2006/01/31 11:38:31, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2006/01/31 11:38:31, 5] smbd/ipc.c:copy_trans_params_and_data(58) copy_trans_params_and_data: params[0..0] data[0..48] [2006/01/31 11:38:31, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(457) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/01/31 11:38:31, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/01/31 11:38:31, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 41 [2006/01/31 11:38:31, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x29 [2006/01/31 11:38:31, 3] smbd/process.c:process_smb(1114) Transaction 10 of length 45 [2006/01/31 11:38:31, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(457) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=11 smt_wct=3 smb_vwv[ 0]=28710 (0x7026) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/01/31 11:38:31, 3] smbd/process.c:switch_message(900) switch message SMBclose (pid 6816) conn 0x83ec200 [2006/01/31 11:38:31, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/31 11:38:31, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7026 [2006/01/31 11:38:31, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name lsarpc pnum=7026 (pipes_open=1) [2006/01/31 11:38:31, 5] smbd/pipes.c:reply_pipe_close(272) reply_pipe_close: pnum:7026 [2006/01/31 11:38:31, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2006/01/31 11:38:31, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name lsarpc pnum=7026 (pipes_open=0) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(457) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=11 smt_wct=0 smb_bcc=0 [2006/01/31 11:38:31, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 102 [2006/01/31 11:38:31, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x66 [2006/01/31 11:38:31, 3] smbd/process.c:process_smb(1114) Transaction 11 of length 106 [2006/01/31 11:38:31, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(457) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=12 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=19 [2006/01/31 11:38:31, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [010] 00 00 00 ... [2006/01/31 11:38:31, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 6816) conn 0x83ec200 [2006/01/31 11:38:31, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/31 11:38:31, 10] smbd/nttrans.c:reply_ntcreate_and_X(497) reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2006/01/31 11:38:31, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \spoolss. [2006/01/31 11:38:31, 3] smbd/nttrans.c:nt_open_pipe(351) nt_open_pipe: Known pipe spoolss opening. [2006/01/31 11:38:31, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(177) Open pipe requested spoolss (pipes_open=0) [2006/01/31 11:38:31, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) Create pipe requested spoolss [2006/01/31 11:38:31, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe spoolss [2006/01/31 11:38:31, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(92) init_pipe_handles: pipe_handles ref count = 1 for pipe spoolss [2006/01/31 11:38:31, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(369) Created internal pipe spoolss (pipes_open=0) [2006/01/31 11:38:31, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(256) Opened pipe spoolss with handle 7027 (pipes_open=1) [2006/01/31 11:38:31, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name spoolss pnum=7027 [2006/01/31 11:38:31, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) do_ntcreate_pipe_open: open pipe = \spoolss [2006/01/31 11:38:31, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:31, 5] lib/util.c:show_msg(457) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=12 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 9984 (0x2700) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/01/31 11:38:32, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 154 [2006/01/31 11:38:32, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x9a [2006/01/31 11:38:32, 3] smbd/process.c:process_smb(1114) Transaction 12 of length 158 [2006/01/31 11:38:32, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:32, 5] lib/util.c:show_msg(457) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28711 (0x7027) smb_bcc=87 [2006/01/31 11:38:32, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2006/01/31 11:38:32, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 6816) conn 0x83ec200 [2006/01/31 11:38:32, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/31 11:38:32, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=72 params=0 setup=2 [2006/01/31 11:38:32, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/01/31 11:38:32, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/01/31 11:38:32, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/01/31 11:38:32, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7027 [2006/01/31 11:38:32, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name spoolss pnum=7027 (pipes_open=1) [2006/01/31 11:38:32, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "spoolss" (pnum 7027) [2006/01/31 11:38:32, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ead28 max_trans_reply: 1024 [2006/01/31 11:38:32, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7027 name: spoolss open: Yes len: 72 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 72 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(397) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2006/01/31 11:38:32, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(485) unmarshall_rpc_header: using little-endian RPC [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(514) unmarshall_rpc_header: type = 11, flags = 3 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 11 [2006/01/31 11:38:32, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(880) api_pipe_bind_req: decode request. 880 [2006/01/31 11:38:32, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 00000000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0008 num_contexts: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c context_id : 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000e num_transfer_syntaxes: 01 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000f smb_io_rpc_iface [2006/01/31 11:38:32, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_uuid uuid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 data : 12345678 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 data : 1234 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 data : abcd [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0018 data : ef 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a data : 01 23 45 67 89 ab [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 version: 00000001 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_rpc_iface [2006/01/31 11:38:32, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_uuid uuid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 data : 8a885d04 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 data : 1ceb [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a data : 11c9 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002c data : 9f e8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002e data : 08 00 2b 10 48 60 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 version: 00000002 [2006/01/31 11:38:32, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1030) api_pipe_bind_req: make response. 1030 [2006/01/31 11:38:32, 3] rpc_server/srv_pipe.c:check_bind_req(765) check_bind_req for \PIPE\spoolss [2006/01/31 11:38:32, 10] rpc_server/srv_pipe.c:check_bind_req(771) checking \PIPE\lsarpc [2006/01/31 11:38:32, 10] rpc_server/srv_pipe.c:check_bind_req(771) checking \PIPE\lsarpc [2006/01/31 11:38:32, 10] rpc_server/srv_pipe.c:check_bind_req(771) checking \PIPE\samr [2006/01/31 11:38:32, 10] rpc_server/srv_pipe.c:check_bind_req(771) checking \PIPE\NETLOGON [2006/01/31 11:38:32, 10] rpc_server/srv_pipe.c:check_bind_req(771) checking \PIPE\srvsvc [2006/01/31 11:38:32, 10] rpc_server/srv_pipe.c:check_bind_req(771) checking \PIPE\wkssvc [2006/01/31 11:38:32, 10] rpc_server/srv_pipe.c:check_bind_req(771) checking \PIPE\winreg [2006/01/31 11:38:32, 10] rpc_server/srv_pipe.c:check_bind_req(771) checking \PIPE\spoolss [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 000053f0 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_addr_str [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 len: 000e [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000a str: \PIPE\spoolss. [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_results [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_results: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c result : 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001e reason : 0000 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_rpc_iface [2006/01/31 11:38:32, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 8a885d04 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 data : 1ceb [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : 11c9 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : 9f e8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 08 00 2b 10 48 60 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000002 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 56 [2006/01/31 11:38:32, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7027 name: spoolss len: 1024 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(967) read_from_pipe: spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/01/31 11:38:32, 5] smbd/ipc.c:copy_trans_params_and_data(58) copy_trans_params_and_data: params[0..0] data[0..68] [2006/01/31 11:38:32, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:32, 5] lib/util.c:show_msg(457) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/01/31 11:38:32, 10] lib/util.c:dump_data(2053) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 73 70 6F 6F 6C 73 73 00 01 00 00 00 00 00 00 \spoolss ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/01/31 11:38:32, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 158 [2006/01/31 11:38:32, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x9e [2006/01/31 11:38:32, 3] smbd/process.c:process_smb(1114) Transaction 13 of length 162 [2006/01/31 11:38:32, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:32, 5] lib/util.c:show_msg(457) size=158 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28711 (0x7027) smb_bcc=91 [2006/01/31 11:38:32, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 4C 00 00 00 06 00 00 00 3C .......L .......< [020] 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 08 ........ ........ [030] 00 00 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 ........ ...\.\.B [040] 00 44 00 2D 00 53 00 31 00 00 00 01 00 00 00 B0 .D.-.S.1 ........ [050] EC FF BF 00 00 00 00 00 00 00 00 ........ ... [2006/01/31 11:38:32, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 6816) conn 0x83ec200 [2006/01/31 11:38:32, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/31 11:38:32, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=76 params=0 setup=2 [2006/01/31 11:38:32, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/01/31 11:38:32, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/01/31 11:38:32, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/01/31 11:38:32, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7027 [2006/01/31 11:38:32, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name spoolss pnum=7027 (pipes_open=1) [2006/01/31 11:38:32, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "spoolss" (pnum 7027) [2006/01/31 11:38:32, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ead28 max_trans_reply: 4280 [2006/01/31 11:38:32, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7027 name: spoolss open: Yes len: 76 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(397) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 004c [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000006 [2006/01/31 11:38:32, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(485) unmarshall_rpc_header: using little-endian RPC [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(514) unmarshall_rpc_header: type = 0, flags = 3 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 0 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000003c [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0000 [2006/01/31 11:38:32, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 71 [2006/01/31 11:38:32, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\spoolss [2006/01/31 11:38:32, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: spoolss op 0x0 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERS [2006/01/31 11:38:32, 6] rpc_server/srv_pipe.c:api_rpcTNP(1568) api_rpc_cmds[8].fn == 0x8156070 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 spoolss_io_q_enumprinters [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 flags: 00000002 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 servername_ptr: 00000001 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_unistr2 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 uni_max_len: 00000008 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c offset : 00000000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 uni_str_len: 00000008 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0014 buffer : \.\.B.D.-.S.1... [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 level: 00000001 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 ptr: bfffecb0 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002c prs_rpcbuffer [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c size: 00000000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 offered: 00000000 [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:_spoolss_enumprinters(4724) _spoolss_enumprinters [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1_local(4450) enum_all_printers_info_1_local [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4393) enum_all_printers_info_1 [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4397) Found a printer in smb.conf: Cluster1[4] [2006/01/31 11:38:32, 10] printing/nt_printing.c:get_a_printer(4431) get_a_printer: [Cluster1] level 2 [2006/01/31 11:38:32, 10] printing/nt_printing.c:get_a_printer_2_default(3651) get_a_printer_2_default: driver name set to [] [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 sec_io_desc_buf nt_printing_getsec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 max_len: 000000c8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr : 00000001 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 len : 000000c8 [2006/01/31 11:38:32, 7] rpc_parse/parse_prs.c:prs_debug(82) 00000c sec_io_desc sec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c revision : 0001 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000e type : 8004 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 off_owner_sid: 000000a8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 off_grp_sid : 000000b8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 off_sacl : 00000000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c off_dacl : 00000014 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000b4 smb_io_dom_sid owner_sid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ba id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00bb id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00bc sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000c4 smb_io_dom_sid grp_sid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ca id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00cb id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00cc sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 000020 sec_io_acl dacl [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0020 revision: 0002 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0022 size : 0094 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 num_aces : 00000005 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000028 sec_io_ace ace_list[00]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0028 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0029 flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a size : 0014 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 00002c sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c mask: 20020008 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0030 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0031 num_auths : 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0032 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0033 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[5] : 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0038 sub_auths : 00000000 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 00003c sec_io_ace ace_list[01]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003c type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003d flags: 09 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003e size : 0024 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000040 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000044 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0044 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0045 num_auths : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0046 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0047 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0048 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0049 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004a id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004b id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 004c sub_auths : 00000015 9503f6ac 60fbdba3 ca602330 000001f4 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000060 sec_io_ace ace_list[02]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0060 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0061 flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0062 size : 0024 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000064 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0068 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0069 num_auths : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006a id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006b id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006c id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006d id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006e id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006f id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0070 sub_auths : 00000015 9503f6ac 60fbdba3 ca602330 000001f4 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000084 sec_io_ace ace_list[03]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0084 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0085 flags: 09 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0086 size : 0018 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000088 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0088 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 00008c smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008c sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008d num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008e id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008f id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0090 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0091 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0092 id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0093 id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0094 sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 00009c sec_io_ace ace_list[04]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009c type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009d flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009e size : 0018 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 0000a0 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a0 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 0000a4 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00aa id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ab id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00ac sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5366) secdesc_ctr for Cluster1 has 5 aces: [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-1-0 0 2 0x20020008 [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-21-2500064940-1627118499-3395298096-500 0 9 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-21-2500064940-1627118499-3395298096-500 0 2 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-32-544 0 9 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-32-544 0 2 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:get_a_printer(4529) get_a_printer: [Cluster1] level 2 returning WERR_OK [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4407) ReAlloced memory for [0] PRINTER_INFO_1 [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4397) Found a printer in smb.conf: printer1[5] [2006/01/31 11:38:32, 10] printing/nt_printing.c:get_a_printer(4431) get_a_printer: [printer1] level 2 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_devicemode(2649) Unpacked devicemode [\\bd-s1\printer1](Letter) [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_devicemode(2651) with a private section of 7288 bytes [2006/01/31 11:38:32, 10] printing/nt_printing.c:add_new_printer_key(2686) add_new_printer_key: Inserted new data key [PrinterDriverData] [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:Model], len: 58 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:TrayFormTable], len: 186 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:TrayFormMapSize], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:TrayFormMap], len: 58 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:FontCart], len: 2 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:FreeMem], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:PrinterDataSize], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:PrinterData], len: 560 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:FeatureKeywordSize], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:FeatureKeyword], len: 611 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:CombinedMediaStatus], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:HPDUMMY], len: 4 [2006/01/31 11:38:32, 10] printing/nt_printing.c:add_new_printer_key(2686) add_new_printer_key: Inserted new data key [DsSpooler] [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printerName], len: 18 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:versionNumber], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:driverName], len: 58 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:location], len: 2 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:description], len: 2 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:portName], len: 40 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printSeparatorFile], len: 2 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printStartTime], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printEndTime], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:priority], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printKeepPrintedJobs], len: 1 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printSpooling], len: 38 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:serverName], len: 12 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:shortServerName], len: 12 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:uNCName], len: 34 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 sec_io_desc_buf nt_printing_getsec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 max_len: 000000c8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr : 00000001 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 len : 000000c8 [2006/01/31 11:38:32, 7] rpc_parse/parse_prs.c:prs_debug(82) 00000c sec_io_desc sec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c revision : 0001 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000e type : 8004 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 off_owner_sid: 000000a8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 off_grp_sid : 000000b8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 off_sacl : 00000000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c off_dacl : 00000014 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000b4 smb_io_dom_sid owner_sid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ba id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00bb id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00bc sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000c4 smb_io_dom_sid grp_sid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ca id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00cb id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00cc sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 000020 sec_io_acl dacl [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0020 revision: 0002 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0022 size : 0094 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 num_aces : 00000005 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000028 sec_io_ace ace_list[00]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0028 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0029 flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a size : 0014 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 00002c sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c mask: 20020008 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0030 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0031 num_auths : 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0032 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0033 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[5] : 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0038 sub_auths : 00000000 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 00003c sec_io_ace ace_list[01]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003c type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003d flags: 09 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003e size : 0024 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000040 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000044 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0044 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0045 num_auths : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0046 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0047 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0048 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0049 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004a id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004b id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 004c sub_auths : 00000015 9503f6ac 60fbdba3 ca602330 000001f4 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000060 sec_io_ace ace_list[02]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0060 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0061 flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0062 size : 0024 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000064 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0068 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0069 num_auths : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006a id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006b id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006c id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006d id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006e id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006f id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0070 sub_auths : 00000015 9503f6ac 60fbdba3 ca602330 000001f4 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000084 sec_io_ace ace_list[03]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0084 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0085 flags: 09 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0086 size : 0018 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000088 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0088 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 00008c smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008c sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008d num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008e id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008f id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0090 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0091 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0092 id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0093 id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0094 sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 00009c sec_io_ace ace_list[04]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009c type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009d flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009e size : 0018 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 0000a0 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a0 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 0000a4 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00aa id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ab id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00ac sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5366) secdesc_ctr for printer1 has 5 aces: [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-1-0 0 2 0x20020008 [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-21-2500064940-1627118499-3395298096-500 0 9 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-21-2500064940-1627118499-3395298096-500 0 2 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-32-544 0 9 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-32-544 0 2 0x100f000c [2006/01/31 11:38:32, 9] printing/nt_printing.c:get_a_printer_2(3796) Unpacked printer [printer1] name [\\bd-s1\printer1] running driver [HP Color LaserJet 4700 PCL 6] [2006/01/31 11:38:32, 10] printing/nt_printing.c:get_a_printer(4529) get_a_printer: [printer1] level 2 returning WERR_OK [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4407) ReAlloced memory for [1] PRINTER_INFO_1 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 spoolss_io_r_enumprinters [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr: 0839d690 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 prs_rpcbuffer [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 size: 00000000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 needed: 000000ec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c returned: 00000000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_werror(728) 0010 status: WERR_INSUFFICIENT_BUFFER [2006/01/31 11:38:32, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called spoolss successfully [2006/01/31 11:38:32, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 2012 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2006/01/31 11:38:32, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7027 name: spoolss len: 4280 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(981) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 20. [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000006 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000014 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2006/01/31 11:38:32, 5] smbd/ipc.c:copy_trans_params_and_data(58) copy_trans_params_and_data: params[0..0] data[0..44] [2006/01/31 11:38:32, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:32, 5] lib/util.c:show_msg(457) size=100 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 44 (0x2C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2006/01/31 11:38:32, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... [010] 00 14 00 00 00 00 00 00 00 90 D6 39 08 00 00 00 ........ ...9.... [020] 00 EC 00 00 00 00 00 00 00 7A 00 00 00 ........ .z... [2006/01/31 11:38:32, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 394 [2006/01/31 11:38:32, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x18a [2006/01/31 11:38:32, 3] smbd/process.c:process_smb(1114) Transaction 14 of length 398 [2006/01/31 11:38:32, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:32, 5] lib/util.c:show_msg(457) size=394 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 312 (0x138) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 312 (0x138) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28711 (0x7027) smb_bcc=327 [2006/01/31 11:38:32, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 38 01 00 00 07 00 00 00 28 .......8 .......( [020] 01 00 00 00 00 00 00 02 00 00 00 01 00 00 00 08 ........ ........ [030] 00 00 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 ........ ...\.\.B [040] 00 44 00 2D 00 53 00 31 00 00 00 01 00 00 00 B0 .D.-.S.1 ........ [050] EC FF BF EC 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [140] 00 00 00 EC 00 00 00 ....... [2006/01/31 11:38:32, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 6816) conn 0x83ec200 [2006/01/31 11:38:32, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/31 11:38:32, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=312 params=0 setup=2 [2006/01/31 11:38:32, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/01/31 11:38:32, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/01/31 11:38:32, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/01/31 11:38:32, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7027 [2006/01/31 11:38:32, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name spoolss pnum=7027 (pipes_open=1) [2006/01/31 11:38:32, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "spoolss" (pnum 7027) [2006/01/31 11:38:32, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83ead28 max_trans_reply: 4280 [2006/01/31 11:38:32, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7027 name: spoolss open: Yes len: 312 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 312 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 312 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(397) fill_rpc_header: data_to_copy = 312, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 296 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 296 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0138 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000007 [2006/01/31 11:38:32, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(485) unmarshall_rpc_header: using little-endian RPC [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(514) unmarshall_rpc_header: type = 0, flags = 3 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 296 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(776) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 296, incoming data = 296 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) process_complete_pdu: processing packet type 0 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 00000128 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0000 [2006/01/31 11:38:32, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2006/01/31 11:38:32, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\spoolss [2006/01/31 11:38:32, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: spoolss op 0x0 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERS [2006/01/31 11:38:32, 6] rpc_server/srv_pipe.c:api_rpcTNP(1568) api_rpc_cmds[8].fn == 0x8156070 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 spoolss_io_q_enumprinters [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 flags: 00000002 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 servername_ptr: 00000001 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_unistr2 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 uni_max_len: 00000008 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c offset : 00000000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 uni_str_len: 00000008 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0014 buffer : \.\.B.D.-.S.1... [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 level: 00000001 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0028 ptr: bfffecb0 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002c prs_rpcbuffer [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c size: 000000ec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 011c offered: 000000ec [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:_spoolss_enumprinters(4724) _spoolss_enumprinters [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1_local(4450) enum_all_printers_info_1_local [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4393) enum_all_printers_info_1 [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4397) Found a printer in smb.conf: Cluster1[4] [2006/01/31 11:38:32, 10] printing/nt_printing.c:get_a_printer(4431) get_a_printer: [Cluster1] level 2 [2006/01/31 11:38:32, 10] printing/nt_printing.c:get_a_printer_2_default(3651) get_a_printer_2_default: driver name set to [] [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 sec_io_desc_buf nt_printing_getsec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 max_len: 000000c8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr : 00000001 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 len : 000000c8 [2006/01/31 11:38:32, 7] rpc_parse/parse_prs.c:prs_debug(82) 00000c sec_io_desc sec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c revision : 0001 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000e type : 8004 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 off_owner_sid: 000000a8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 off_grp_sid : 000000b8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 off_sacl : 00000000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c off_dacl : 00000014 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000b4 smb_io_dom_sid owner_sid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ba id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00bb id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00bc sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000c4 smb_io_dom_sid grp_sid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ca id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00cb id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00cc sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 000020 sec_io_acl dacl [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0020 revision: 0002 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0022 size : 0094 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 num_aces : 00000005 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000028 sec_io_ace ace_list[00]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0028 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0029 flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a size : 0014 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 00002c sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c mask: 20020008 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0030 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0031 num_auths : 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0032 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0033 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[5] : 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0038 sub_auths : 00000000 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 00003c sec_io_ace ace_list[01]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003c type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003d flags: 09 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003e size : 0024 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000040 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000044 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0044 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0045 num_auths : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0046 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0047 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0048 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0049 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004a id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004b id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 004c sub_auths : 00000015 9503f6ac 60fbdba3 ca602330 000001f4 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000060 sec_io_ace ace_list[02]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0060 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0061 flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0062 size : 0024 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000064 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0068 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0069 num_auths : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006a id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006b id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006c id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006d id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006e id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006f id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0070 sub_auths : 00000015 9503f6ac 60fbdba3 ca602330 000001f4 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000084 sec_io_ace ace_list[03]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0084 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0085 flags: 09 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0086 size : 0018 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000088 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0088 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 00008c smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008c sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008d num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008e id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008f id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0090 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0091 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0092 id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0093 id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0094 sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 00009c sec_io_ace ace_list[04]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009c type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009d flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009e size : 0018 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 0000a0 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a0 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 0000a4 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00aa id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ab id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00ac sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5366) secdesc_ctr for Cluster1 has 5 aces: [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-1-0 0 2 0x20020008 [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-21-2500064940-1627118499-3395298096-500 0 9 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-21-2500064940-1627118499-3395298096-500 0 2 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-32-544 0 9 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-32-544 0 2 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:get_a_printer(4529) get_a_printer: [Cluster1] level 2 returning WERR_OK [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4407) ReAlloced memory for [0] PRINTER_INFO_1 [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4397) Found a printer in smb.conf: printer1[5] [2006/01/31 11:38:32, 10] printing/nt_printing.c:get_a_printer(4431) get_a_printer: [printer1] level 2 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_devicemode(2649) Unpacked devicemode [\\bd-s1\printer1](Letter) [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_devicemode(2651) with a private section of 7288 bytes [2006/01/31 11:38:32, 10] printing/nt_printing.c:add_new_printer_key(2686) add_new_printer_key: Inserted new data key [PrinterDriverData] [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:Model], len: 58 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:TrayFormTable], len: 186 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:TrayFormMapSize], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:TrayFormMap], len: 58 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:FontCart], len: 2 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:FreeMem], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:PrinterDataSize], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:PrinterData], len: 560 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:FeatureKeywordSize], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:FeatureKeyword], len: 611 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:CombinedMediaStatus], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [PrinterDriverData:HPDUMMY], len: 4 [2006/01/31 11:38:32, 10] printing/nt_printing.c:add_new_printer_key(2686) add_new_printer_key: Inserted new data key [DsSpooler] [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printerName], len: 18 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:versionNumber], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:driverName], len: 58 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:location], len: 2 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:description], len: 2 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:portName], len: 40 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printSeparatorFile], len: 2 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printStartTime], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printEndTime], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:priority], len: 4 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printKeepPrintedJobs], len: 1 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:printSpooling], len: 38 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:serverName], len: 12 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:shortServerName], len: 12 [2006/01/31 11:38:32, 8] printing/nt_printing.c:unpack_values(3533) specific: [DsSpooler:uNCName], len: 34 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 sec_io_desc_buf nt_printing_getsec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 max_len: 000000c8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 ptr : 00000001 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 len : 000000c8 [2006/01/31 11:38:32, 7] rpc_parse/parse_prs.c:prs_debug(82) 00000c sec_io_desc sec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c revision : 0001 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000e type : 8004 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 off_owner_sid: 000000a8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 off_grp_sid : 000000b8 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 off_sacl : 00000000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c off_dacl : 00000014 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000b4 smb_io_dom_sid owner_sid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00b9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ba id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00bb id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00bc sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000c4 smb_io_dom_sid grp_sid [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00c9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ca id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00cb id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00cc sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 8] rpc_parse/parse_prs.c:prs_debug(82) 000020 sec_io_acl dacl [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0020 revision: 0002 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0022 size : 0094 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 num_aces : 00000005 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000028 sec_io_ace ace_list[00]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0028 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0029 flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a size : 0014 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 00002c sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 002c mask: 20020008 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0030 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0031 num_auths : 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0032 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0033 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[5] : 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0038 sub_auths : 00000000 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 00003c sec_io_ace ace_list[01]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003c type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003d flags: 09 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 003e size : 0024 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000040 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0040 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000044 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0044 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0045 num_auths : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0046 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0047 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0048 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0049 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004a id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 004b id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 004c sub_auths : 00000015 9503f6ac 60fbdba3 ca602330 000001f4 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000060 sec_io_ace ace_list[02]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0060 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0061 flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0062 size : 0024 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000064 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0064 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000068 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0068 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0069 num_auths : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006a id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006b id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006c id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006d id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006e id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 006f id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0070 sub_auths : 00000015 9503f6ac 60fbdba3 ca602330 000001f4 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 000084 sec_io_ace ace_list[03]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0084 type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0085 flags: 09 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0086 size : 0018 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 000088 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0088 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 00008c smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008c sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008d num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008e id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 008f id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0090 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0091 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0092 id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0093 id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0094 sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 9] rpc_parse/parse_prs.c:prs_debug(82) 00009c sec_io_ace ace_list[04]: [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009c type : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 009d flags: 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 009e size : 0018 [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 0000a0 sec_io_access info [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00a0 mask: 100f000c [2006/01/31 11:38:32, 10] rpc_parse/parse_prs.c:prs_debug(82) 0000a4 smb_io_dom_sid trustee [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a4 sid_rev_num: 01 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a5 num_auths : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a6 id_auth[0] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a7 id_auth[1] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a8 id_auth[2] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00a9 id_auth[3] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00aa id_auth[4] : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 00ab id_auth[5] : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 00ac sub_auths : 00000020 00000220 [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5366) secdesc_ctr for printer1 has 5 aces: [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-1-0 0 2 0x20020008 [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-21-2500064940-1627118499-3395298096-500 0 9 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-21-2500064940-1627118499-3395298096-500 0 2 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-32-544 0 9 0x100f000c [2006/01/31 11:38:32, 10] printing/nt_printing.c:nt_printing_getsec(5374) S-1-5-32-544 0 2 0x100f000c [2006/01/31 11:38:32, 9] printing/nt_printing.c:get_a_printer_2(3796) Unpacked printer [printer1] name [\\bd-s1\printer1] running driver [HP Color LaserJet 4700 PCL 6] [2006/01/31 11:38:32, 10] printing/nt_printing.c:get_a_printer(4529) get_a_printer: [printer1] level 2 returning WERR_OK [2006/01/31 11:38:32, 4] rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4407) ReAlloced memory for [1] PRINTER_INFO_1 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_printer_info_1 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 flags: 00800000 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000c6 smb_io_unistr description [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_unistr(1129) 00c6 unistr: \.\.b.d.-.s.1.\.C.l.u.s.t.e.r.1.,.,... [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 offset: 000000c6 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000a4 smb_io_unistr name [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_unistr(1129) 00a4 unistr: \.\.b.d.-.s.1.\.C.l.u.s.t.e.r.1... [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset: 000000a4 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 0000a2 smb_io_unistr comment [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_unistr(1129) 00a2 unistr: .. [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c offset: 000000a2 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_printer_info_1 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 flags: 00800000 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000044 smb_io_unistr description [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_unistr(1129) 0044 unistr: \.\.b.d.-.s.1.\.p.r.i.n.t.e.r.1.,.H.P. .C.o.l.o.r. .L.a.s.e.r.J.e.t. .4.7.0.0. .P.C.L. .6.,... [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 offset: 00000034 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000022 smb_io_unistr name [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_unistr(1129) 0022 unistr: \.\.b.d.-.s.1.\.p.r.i.n.t.e.r.1... [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 offset: 00000012 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_unistr comment [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_unistr(1129) 0020 unistr: .. [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c offset: 00000010 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 spoolss_io_r_enumprinters [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr: 083ce030 [2006/01/31 11:38:32, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 prs_rpcbuffer [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 size: 000000ec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f4 needed: 000000ec [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 00f8 returned: 00000002 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_werror(728) 00fc status: WERR_OK [2006/01/31 11:38:32, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called spoolss successfully [2006/01/31 11:38:32, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 2012 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 296 [2006/01/31 11:38:32, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7027 name: spoolss len: 4280 [2006/01/31 11:38:32, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(981) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 256. [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0118 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000007 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000100 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2006/01/31 11:38:32, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2006/01/31 11:38:32, 5] smbd/ipc.c:copy_trans_params_and_data(58) copy_trans_params_and_data: params[0..0] data[0..280] [2006/01/31 11:38:32, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:32, 5] lib/util.c:show_msg(457) size=336 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 280 (0x118) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 280 (0x118) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=281 [2006/01/31 11:38:32, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 18 01 00 00 07 00 00 ........ ........ [010] 00 00 01 00 00 00 00 00 00 30 E0 3C 08 EC 00 00 ........ .0.<.... [020] 00 00 00 80 00 C6 00 00 00 A4 00 00 00 A2 00 00 ........ ........ [030] 00 00 00 80 00 34 00 00 00 12 00 00 00 10 00 00 .....4.. ........ [040] 00 00 00 5C 00 5C 00 62 00 64 00 2D 00 73 00 31 ...\.\.b .d.-.s.1 [050] 00 5C 00 70 00 72 00 69 00 6E 00 74 00 65 00 72 .\.p.r.i .n.t.e.r [060] 00 31 00 00 00 5C 00 5C 00 62 00 64 00 2D 00 73 .1...\.\ .b.d.-.s [070] 00 31 00 5C 00 70 00 72 00 69 00 6E 00 74 00 65 .1.\.p.r .i.n.t.e [080] 00 72 00 31 00 2C 00 48 00 50 00 20 00 43 00 6F .r.1.,.H .P. .C.o [090] 00 6C 00 6F 00 72 00 20 00 4C 00 61 00 73 00 65 .l.o.r. .L.a.s.e [0A0] 00 72 00 4A 00 65 00 74 00 20 00 34 00 37 00 30 .r.J.e.t . .4.7.0 [0B0] 00 30 00 20 00 50 00 43 00 4C 00 20 00 36 00 2C .0. .P.C .L. .6., [0C0] 00 00 00 00 00 5C 00 5C 00 62 00 64 00 2D 00 73 .....\.\ .b.d.-.s [0D0] 00 31 00 5C 00 43 00 6C 00 75 00 73 00 74 00 65 .1.\.C.l .u.s.t.e [0E0] 00 72 00 31 00 00 00 5C 00 5C 00 62 00 64 00 2D .r.1...\ .\.b.d.- [0F0] 00 73 00 31 00 5C 00 43 00 6C 00 75 00 73 00 74 .s.1.\.C .l.u.s.t [100] 00 65 00 72 00 31 00 2C 00 2C 00 00 00 EC 00 00 .e.r.1., .,...... [110] 00 02 00 00 00 00 00 00 00 ........ . [2006/01/31 11:38:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 41 [2006/01/31 11:38:33, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x29 [2006/01/31 11:38:33, 3] smbd/process.c:process_smb(1114) Transaction 15 of length 45 [2006/01/31 11:38:33, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:33, 5] lib/util.c:show_msg(457) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=16 smt_wct=3 smb_vwv[ 0]=28711 (0x7027) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/01/31 11:38:33, 3] smbd/process.c:switch_message(900) switch message SMBclose (pid 6816) conn 0x83ec200 [2006/01/31 11:38:33, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/31 11:38:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7027 [2006/01/31 11:38:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) pipe name spoolss pnum=7027 (pipes_open=1) [2006/01/31 11:38:33, 5] smbd/pipes.c:reply_pipe_close(272) reply_pipe_close: pnum:7027 [2006/01/31 11:38:33, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe spoolss [2006/01/31 11:38:33, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name spoolss pnum=7027 (pipes_open=0) [2006/01/31 11:38:33, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:33, 5] lib/util.c:show_msg(457) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=16 smt_wct=0 smb_bcc=0 [2006/01/31 11:38:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 35 [2006/01/31 11:38:33, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x23 [2006/01/31 11:38:33, 3] smbd/process.c:process_smb(1114) Transaction 16 of length 39 [2006/01/31 11:38:33, 5] lib/util.c:show_msg(454) [2006/01/31 11:38:33, 5] lib/util.c:show_msg(457) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6815 smb_uid=101 smb_mid=17 smt_wct=0 smb_bcc=0 [2006/01/31 11:38:33, 3] smbd/process.c:switch_message(900) switch message SMBtdis (pid 6816) conn 0x83ec200 [2006/01/31 11:38:33, 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/01/31 11:38:33, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/01/31 11:38:33, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups