The Samba-Bugzilla – Attachment 1971 Details for
Bug 3848
Join by Windows XP clients fail
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
3.0.23rc3 level 10 log domain join by XP client
log.smbd-3.0.23-addmachinetodomain (text/plain), 732.08 KB, created by
Wilco Baan Hofman
on 2006-06-20 11:36:38 UTC
(
hide
)
Description:
3.0.23rc3 level 10 log domain join by XP client
Filename:
MIME Type:
Creator:
Wilco Baan Hofman
Created:
2006-06-20 11:36:38 UTC
Size:
732.08 KB
patch
obsolete
> NT user token: (NULL) >[2006/06/20 18:19:16, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:16, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:16, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2006/06/20 18:19:16, 3] smbd/server.c:exit_server_common(675) > Server exit (normal exit) >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 16 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 16 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 8192 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 8192 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 16 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 16 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 8192 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 8192 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/06/20 18:19:33, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:19:33, 3] smbd/oplock.c:init_oplocks(860) > open_oplock_ipc: initializing messages. >[2006/06/20 18:19:33, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260) > Linux kernel oplocks enabled >[2006/06/20 18:19:33, 4] lib/time.c:TimeInit(136) > TimeInit: Serverzone is -7200 >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 133 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x85 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 0 of length 137 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 > [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for > [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. > [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM > [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 > [060] 32 00 2. >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBnegprot (pid 16708) conn 0x0 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LANMAN1.0] >[2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [Windows for Workgroups 3.1a] >[2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LM1.2X002] >[2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LANMAN2.1] >[2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [NT LM 0.12] >[2006/06/20 18:19:33, 10] lib/util.c:set_remote_arch(2190) > set_remote_arch: Client arch is 'Win2K' >[2006/06/20 18:19:33, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:19:33, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2006/06/20 18:19:33, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:19:33, 3] smbd/negprot.c:reply_nt1(357) > using SPNEGO >[2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(579) > Selected protocol NT LM 0.12 >[2006/06/20 18:19:33, 5] smbd/negprot.c:reply_negprot(585) > negprot index=5 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=17408 (0x4400) > smb_vwv[ 8]= 65 (0x41) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=37592 (0x92D8) > smb_vwv[13]=34128 (0x8550) > smb_vwv[14]=50836 (0xC694) > smb_vwv[15]=34817 (0x8801) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 73 65 72 76 65 72 00 00 00 00 00 00 00 00 00 00 server.. ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... > [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 236 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xec >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 1 of length 240 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=236 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 236 (0xEC) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 74 (0x4A) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=177 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. > [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* > [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... > [030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n > [050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 > [060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c > [070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 .e. .P.a .c.k. .2 > [080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i > [090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 > [0A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... > [0B0] 00 . >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 16708) conn 0x0 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X(844) > wct=12 flg2=0xc807 >[2006/06/20 18:19:33, 2] smbd/sesssetup.c:setup_new_vc_session(794) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(655) > Doing spnego session setup >[2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(686) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2006/06/20 18:19:33, 10] lib/util.c:set_remote_arch(2190) > set_remote_arch: Client arch is 'WinXP' >[2006/06/20 18:19:33, 10] smbd/password.c:register_vuid(186) > register_vuid: allocated vuid = 100 >[2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_spnego_negotiate(547) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_spnego_negotiate(550) > Got secblob of size 40 >[2006/06/20 18:19:33, 5] auth/auth.c:make_auth_context_subsystem(484) > Making default auth method list for DC, security=user, encrypt passwords = yes >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend sam >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'sam' >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend sam_ignoredomain >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'sam_ignoredomain' >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend unix >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'unix' >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend winbind >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'winbind' >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend smbserver >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'smbserver' >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend trustdomain >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'trustdomain' >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend ntdomain >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'ntdomain' >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend guest >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'guest' >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend fixed_challenge >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'fixed_challenge' >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend name_to_ntstatus >[2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'name_to_ntstatus' >[2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(391) > load_auth_module: Attempting to find an auth method to match guest >[2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(416) > load_auth_module: auth method guest has a valid init >[2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(391) > load_auth_module: Attempting to find an auth method to match sam >[2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(416) > load_auth_module: auth method sam has a valid init >[2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(391) > load_auth_module: Attempting to find an auth method to match winbind:trustdomain >[2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(391) > load_auth_module: Attempting to find an auth method to match trustdomain >[2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(416) > load_auth_module: auth method trustdomain has a valid init >[2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(416) > load_auth_module: auth method winbind has a valid init >[2006/06/20 18:19:33, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0xe2088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2006/06/20 18:19:33, 5] auth/auth.c:get_ntlm_challenge(97) > auth_get_challenge: module guest did not want to specify a challenge >[2006/06/20 18:19:33, 5] auth/auth.c:get_ntlm_challenge(97) > auth_get_challenge: module sam did not want to specify a challenge >[2006/06/20 18:19:33, 5] auth/auth.c:get_ntlm_challenge(97) > auth_get_challenge: module winbind did not want to specify a challenge >[2006/06/20 18:19:33, 5] auth/auth.c:get_ntlm_challenge(137) > auth_context challenge created by random >[2006/06/20 18:19:33, 5] auth/auth.c:get_ntlm_challenge(138) > challenge is: >[2006/06/20 18:19:33, 5] lib/util.c:dump_data(2215) > [000] 63 33 3E 83 A6 80 CF 81 c3>..... >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=306 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=64 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 205 (0xCD) > smb_bcc=263 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] A1 81 CA 30 81 C7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 B1 04 81 AE 4E .....7.. .......N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 > [030] 00 00 00 95 82 89 E2 63 33 3E 83 A6 80 CF 81 00 .......c 3>...... > [040] 00 00 00 00 00 00 00 70 00 70 00 3E 00 00 00 41 .......p .p.>...A > [050] 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 02 00 0E .N.D.O.L .A.N.... > [060] 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 01 .A.N.D.O .L.A.N.. > [070] 00 0C 00 53 00 45 00 52 00 56 00 45 00 52 00 04 ...S.E.R .V.E.R.. > [080] 00 1A 00 6D 00 75 00 6C 00 6F 00 63 00 6B 00 32 ...m.u.l .o.c.k.2 > [090] 00 30 00 30 00 30 00 2E 00 6E 00 6C 00 03 00 28 .0.0.0.. .n.l...( > [0A0] 00 73 00 65 00 72 00 76 00 65 00 72 00 2E 00 6D .s.e.r.v .e.r...m > [0B0] 00 75 00 6C 00 6F 00 63 00 6B 00 32 00 30 00 30 .u.l.o.c .k.2.0.0 > [0C0] 00 30 00 2E 00 6E 00 6C 00 00 00 00 00 55 00 6E .0...n.l .....U.n > [0D0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a > [0E0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 33 00 72 . .3...0 ...2.3.r > [0F0] 00 63 00 33 00 00 00 41 00 4E 00 44 00 4F 00 4C .c.3...A .N.D.O.L > [100] 00 41 00 4E 00 00 00 .A.N... >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 350 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x15e >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 2 of length 354 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=350 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=128 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 350 (0x15E) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 188 (0xBC) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=291 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] A1 81 B9 30 81 B6 A2 81 B3 04 81 B0 4E 54 4C 4D ...0.... ....NTLM > [010] 53 53 50 00 03 00 00 00 18 00 18 00 70 00 00 00 SSP..... ....p... > [020] 18 00 18 00 88 00 00 00 0E 00 0E 00 48 00 00 00 ........ ....H... > [030] 10 00 10 00 56 00 00 00 0A 00 0A 00 66 00 00 00 ....V... ....f... > [040] 10 00 10 00 A0 00 00 00 15 82 88 E2 05 01 28 0A ........ ......(. > [050] 00 00 00 0F 41 00 4E 00 44 00 4F 00 4C 00 41 00 ....A.N. D.O.L.A. > [060] 4E 00 61 00 6E 00 64 00 6F 00 62 00 75 00 72 00 N.a.n.d. o.b.u.r. > [070] 67 00 77 00 73 00 30 00 33 00 35 00 F1 02 10 6E g.w.s.0. 3.5....n > [080] C0 DF 9A 6F 00 00 00 00 00 00 00 00 00 00 00 00 ...o.... ........ > [090] 00 00 00 00 E7 DA A9 11 CC F6 F3 D0 7D CA 4A 8A ........ ....}.J. > [0A0] 05 12 B2 8B EF 3F 47 69 6A 1E D4 06 BC F8 D4 DB .....?Gi j....... > [0B0] A5 66 D4 89 D0 FB 83 EB 9B CB 4D 9F 00 57 00 69 .f...... ..M..W.i > [0C0] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 > [0D0] 00 30 00 32 00 20 00 53 00 65 00 72 00 76 00 69 .0.2. .S .e.r.v.i > [0E0] 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 .c.e. .P .a.c.k. > [0F0] 00 32 00 20 00 32 00 36 00 30 00 30 00 00 00 57 .2. .2.6 .0.0...W > [100] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 > [110] 00 30 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 .0.0.2. .5...1.. > [120] 00 00 00 ... >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 16708) conn 0x0 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X(844) > wct=12 flg2=0xc807 >[2006/06/20 18:19:33, 2] smbd/sesssetup.c:setup_new_vc_session(794) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(655) > Doing spnego session setup >[2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(686) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2006/06/20 18:19:33, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) > Got user=[andoburg] domain=[ANDOLAN] workstation=[ws035] len1=24 len2=24 >[2006/06/20 18:19:33, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) > auth_context challenge set by NTLMSSP callback (NTLM2) >[2006/06/20 18:19:33, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) > challenge is: >[2006/06/20 18:19:33, 5] lib/util.c:dump_data(2215) > [000] FA 85 1A F1 42 61 DF A1 ....Ba.. >[2006/06/20 18:19:33, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:19:33, 5] auth/auth_util.c:make_user_info_map(162) > make_user_info_map: Mapping user [ANDOLAN]\[andoburg] from workstation [ws035] >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 5] auth/auth_util.c:is_trusted_domain(1934) > is_trusted_domain: Checking for domain trust with [ANDOLAN] >[2006/06/20 18:19:33, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) > secrets_fetch failed! >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = TDOM/ANDOLAN couldn't be found >[2006/06/20 18:19:33, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain ANDOLAN found. >[2006/06/20 18:19:33, 5] auth/auth_util.c:make_user_info(76) > attempting to make a user_info for andoburg (andoburg) >[2006/06/20 18:19:33, 5] auth/auth_util.c:make_user_info(86) > making strings for andoburg's user_info struct >[2006/06/20 18:19:33, 5] auth/auth_util.c:make_user_info(118) > making blobs for andoburg's user_info struct >[2006/06/20 18:19:33, 10] auth/auth_util.c:make_user_info(136) > made an encrypted user_info for andoburg (andoburg) >[2006/06/20 18:19:33, 3] auth/auth.c:check_ntlm_password(221) > check_ntlm_password: Checking password for unmapped user [ANDOLAN]\[andoburg]@[ws035] with the new password interface >[2006/06/20 18:19:33, 3] auth/auth.c:check_ntlm_password(224) > check_ntlm_password: mapped user is: [ANDOLAN]\[andoburg]@[ws035] >[2006/06/20 18:19:33, 10] auth/auth.c:check_ntlm_password(233) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2006/06/20 18:19:33, 10] auth/auth.c:check_ntlm_password(235) > challenge is: >[2006/06/20 18:19:33, 5] lib/util.c:dump_data(2215) > [000] FA 85 1A F1 42 61 DF A1 ....Ba.. >[2006/06/20 18:19:33, 10] auth/auth.c:check_ntlm_password(261) > check_ntlm_password: guest had nothing to say >[2006/06/20 18:19:33, 8] lib/util.c:is_myname(2036) > is_myname("ANDOLAN") returns 0 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=andoburg)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_close(1080) > The connection to the LDAP server was closed >[2006/06/20 18:19:33, 10] lib/smbldap.c:smb_ldap_setup_conn(632) > smb_ldap_setup_connection: ldap://localhost >[2006/06/20 18:19:33, 2] lib/smbldap.c:smbldap_open_connection(788) > smbldap_open_connection: connection opened >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_connect_system(947) > ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=andolan" >[2006/06/20 18:19:33, 3] lib/smbldap.c:smbldap_connect_system(992) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2006/06/20 18:19:33, 4] lib/smbldap.c:smbldap_open(1060) > The LDAP server is succesfully connected >[2006/06/20 18:19:33, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) > init_sam_from_ldap: Entry found for user: andoburg >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username andoburg, was >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_domain(607) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) > pdb_set_nt_username: setting nt username andoburg, was >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) > pdb_set_full_name: setting full name AndoBurg B.V., was >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) > pdb_set_dir_drive: setting dir drive N:, was NULL >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) > pdb_set_homedir: setting home dir \\server\datamap, was >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) > pdb_set_logon_script: setting logon script logon.cmd, was >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) > pdb_set_profile_path: setting profile path \\server\tempprof, was >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [description] = [<does not exist>] >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2006/06/20 18:19:33, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2006/06/20 18:19:33, 5] passdb/login_cache.c:login_cache_init(41) > Opening cache file at /var/lib/samba/login_cache.tdb >[2006/06/20 18:19:33, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user andoburg >[2006/06/20 18:19:33, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2006/06/20 18:19:33, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) > No cache entry, bad count = 0, bad time = 0 >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1001))], scope => [2] >[2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:33, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username andoburg, was >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_domain(607) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) > pdb_set_nt_username: setting nt username andoburg, was >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) > pdb_set_full_name: setting full name AndoBurg B.V., was >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) > pdb_set_homedir: setting home dir \\server\datamap, was >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) > pdb_set_dir_drive: setting dir drive N:, was NULL >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) > pdb_set_logon_script: setting logon script logon.cmd, was >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) > pdb_set_profile_path: setting profile path \\server\tempprof, was >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_workstations(820) > pdb_set_workstations: setting workstations , was >[2006/06/20 18:19:33, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 >[2006/06/20 18:19:33, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 from rid 3002 >[2006/06/20 18:19:33, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1455) > lookup_global_sam_rid: looking up RID 513. >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-513)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) > ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2969752157-892696647-4271518216-513] count=0 >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2969752157-892696647-4271518216-513))], scope => [2] >[2006/06/20 18:19:33, 2] passdb/pdb_ldap.c:init_group_from_ldap(2115) > init_group_from_ldap: Entry found for group: 10000 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 10] passdb/lookup_sid.c:sid_to_gid(1296) > sid_to_gid: S-1-5-21-2969752157-892696647-4271518216-513 -> 10000 >[2006/06/20 18:19:33, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) > store_gid_sid_cache: gid 10000 in cache -> S-1-5-21-2969752157-892696647-4271518216-513 >[2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_group_sid(564) > pdb_set_group_sid: setting group sid S-1-5-21-2969752157-892696647-4271518216-513 >[2006/06/20 18:19:33, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-2969752157-892696647-4271518216-513 from rid 513 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 9] passdb/passdb.c:pdb_update_autolock_flag(1406) > pdb_update_autolock_flag: Account andoburg not autolocked, no check needed >[2006/06/20 18:19:33, 4] libsmb/ntlm_check.c:ntlm_password_check(326) > ntlm_password_check: Checking NT MD4 password >[2006/06/20 18:19:33, 4] auth/auth_sam.c:sam_account_ok(138) > sam_account_ok: Checking SMB password for user andoburg >[2006/06/20 18:19:33, 5] auth/auth_sam.c:logon_hours_ok(120) > logon_hours_ok: user andoburg allowed to logon at this time (Tue Jun 20 16:19:33 2006 > ) >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 10] lib/util_pw.c:getpwnam_alloc(76) > Got andoburg from pwnam_cache >[2006/06/20 18:19:33, 10] lib/util_pw.c:getpwnam_alloc(76) > Got andoburg from pwnam_cache >[2006/06/20 18:19:33, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [andoburg] >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1001))], scope => [2] >[2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:33, 10] passdb/lookup_sid.c:gid_to_sid(1128) > gid_to_sid: local 1001 -> S-1-22-2-1001 >[2006/06/20 18:19:33, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) > store_gid_sid_cache: gid 1001 in cache -> S-1-22-2-1001 >[2006/06/20 18:19:33, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979) > fetch sid from gid cache 0 -> S-1-22-2-0 >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10001))], scope => [2] >[2006/06/20 18:19:33, 2] passdb/pdb_ldap.c:init_group_from_ldap(2115) > init_group_from_ldap: Entry found for group: 10001 >[2006/06/20 18:19:33, 10] passdb/lookup_sid.c:gid_to_sid(1128) > gid_to_sid: local 10001 -> S-1-5-21-2969752157-892696647-4271518216-512 >[2006/06/20 18:19:33, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) > store_gid_sid_cache: gid 10001 in cache -> S-1-5-21-2969752157-892696647-4271518216-512 >[2006/06/20 18:19:33, 5] auth/auth_util.c:make_server_info_sam(603) > make_server_info_sam: made server info for user andoburg -> andoburg >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 3] auth/auth.c:check_ntlm_password(270) > check_ntlm_password: sam authentication for user [andoburg] succeeded >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth.c:check_ntlm_password(296) > check_ntlm_password: PAM Account for user [andoburg] succeeded >[2006/06/20 18:19:33, 2] auth/auth.c:check_ntlm_password(309) > check_ntlm_password: authentication for user [andoburg] -> [andoburg] -> [andoburg] succeeded >[2006/06/20 18:19:33, 5] auth/auth_util.c:free_user_info(1784) > attempting to free (and zero) a user_info structure >[2006/06/20 18:19:33, 10] auth/auth_util.c:free_user_info(1788) > structure was created for andoburg >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] >[2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-3002)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-1001)(sambaSIDList=S-1-22-2-0)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-512)))], scope => [2] >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-3002)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-1001)(sambaSIDList=S-1-22-2-0)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-512)))], scope => [2] >[2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-3002] >[2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-513] >[2006/06/20 18:19:33, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-22-2-1001] >[2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2006/06/20 18:19:33, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-5-21-2969752157-892696647-4271518216-512 > Privilege set: > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) > fetch gid from cache 10000 -> S-1-5-21-2969752157-892696647-4271518216-513 >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] >[2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:33, 10] auth/auth_util.c:create_local_token(970) > Could not convert SID S-1-1-0 to gid, ignoring it >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] >[2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:33, 10] auth/auth_util.c:create_local_token(970) > Could not convert SID S-1-5-2 to gid, ignoring it >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] >[2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:33, 10] auth/auth_util.c:create_local_token(970) > Could not convert SID S-1-5-11 to gid, ignoring it >[2006/06/20 18:19:33, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) > fetch gid from cache 1001 -> S-1-22-2-1001 >[2006/06/20 18:19:33, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) > fetch gid from cache 0 -> S-1-22-2-0 >[2006/06/20 18:19:33, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) > fetch gid from cache 10001 -> S-1-5-21-2969752157-892696647-4271518216-512 >[2006/06/20 18:19:33, 10] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(133) > Got NT session key of length 16 >[2006/06/20 18:19:33, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(140) > Got LM session key of length 16 >[2006/06/20 18:19:33, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) > ntlmssp_server_auth: Created NTLM2 session key. >[2006/06/20 18:19:33, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: >[2006/06/20 18:19:33, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0xe2088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2006/06/20 18:19:33, 10] smbd/password.c:register_vuid(186) > register_vuid: allocated vuid = 101 >[2006/06/20 18:19:33, 10] lib/util_pw.c:getpwnam_alloc(76) > Got andoburg from pwnam_cache >[2006/06/20 18:19:33, 10] smbd/password.c:register_vuid(277) > register_vuid: (1001,1001) andoburg andoburg ANDOLAN guest=0 >[2006/06/20 18:19:33, 3] smbd/password.c:register_vuid(280) > User name: andoburg Real name: AndoBurg B.V. >[2006/06/20 18:19:33, 3] smbd/password.c:register_vuid(301) > UNIX uid 1001 is UNIX user andoburg, and will be vuid 101 >[2006/06/20 18:19:33, 7] param/loadparm.c:lp_servicenumber(5112) > lp_servicenumber: couldn't find andoburg >[2006/06/20 18:19:33, 3] smbd/password.c:register_vuid(332) > Adding homes service for user 'andoburg' using home directory: '/home/andoburg' >[2006/06/20 18:19:33, 7] param/loadparm.c:lp_servicenumber(5112) > lp_servicenumber: couldn't find homes >[2006/06/20 18:19:33, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=110 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=128 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=67 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 30 00 2E 00 32 00 33 00 72 00 63 00 33 ...0...2 .3.r.c.3 > [030] 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E ...A.N.D .O.L.A.N > [040] 00 00 00 ... >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 78 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x4e >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 3 of length 82 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=78 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=192 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 78 (0x4E) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=35 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 52 .\.\.S.E .R.V.E.R > [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? > [020] 3F 3F 00 ??. >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBtconX (pid 16708) conn 0x0 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:33, 4] smbd/reply.c:reply_tcon_and_X(666) > Client requested device type [?????] for share [IPC$] >[2006/06/20 18:19:33, 5] smbd/service.c:make_connection(1111) > making a connection to 'normal' service ipc$ >[2006/06/20 18:19:33, 10] smbd/share_access.c:user_ok_token(225) > user_ok_token: share IPC$ is ok for unix user andoburg >[2006/06/20 18:19:33, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user andoburg >[2006/06/20 18:19:33, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is andoburg >[2006/06/20 18:19:33, 10] lib/util_pw.c:getpwnam_alloc(76) > Got andoburg from pwnam_cache >[2006/06/20 18:19:33, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals did find user [andoburg]! >[2006/06/20 18:19:33, 10] smbd/service.c:set_conn_connectpath(122) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2006/06/20 18:19:33, 3] smbd/service.c:make_connection_snum(752) > Connect path is '/tmp' for service [IPC$] >[2006/06/20 18:19:33, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000002, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-1001 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2006/06/20 18:19:33, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. >[2006/06/20 18:19:33, 3] smbd/vfs.c:vfs_init_default(219) > Initialising default vfs hooks >[2006/06/20 18:19:33, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2006/06/20 18:19:33, 10] smbd/share_access.c:user_ok_token(225) > user_ok_token: share IPC$ is ok for unix user andoburg >[2006/06/20 18:19:33, 10] smbd/share_access.c:is_share_read_only_for_token(267) > is_share_read_only_for_user: share IPC$ is read-only for unix user andoburg >[2006/06/20 18:19:33, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-1001 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2006/06/20 18:19:33, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2006/06/20 18:19:33, 3] lib/util_sid.c:string_to_sid(223) > string_to_sid: Sid @root does not start with 'S-'. >[2006/06/20 18:19:33, 5] smbd/password.c:user_in_netgroup(423) > Unable to get default yp domain >[2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] >[2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 3] smbd/service.c:make_connection_snum(941) > ws035 (192.168.68.22) connect to service IPC$ initially as user andoburg (uid=0, gid=1001) (pid 16708) >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:33, 2] smbd/reply.c:reply_tcon_and_X(709) > Serving IPC$ as a Dfs root >[2006/06/20 18:19:33, 3] smbd/reply.c:reply_tcon_and_X(714) > tconX service=IPC$ >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=192 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3 (0x3) > smb_bcc=7 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 49 50 43 00 00 00 00 IPC.... >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 100 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x64 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 4 of length 104 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=256 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBntcreateX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 4] smbd/vfs.c:vfs_ChDir(741) > vfs_ChDir to /tmp >[2006/06/20 18:19:33, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2006/06/20 18:19:33, 4] smbd/nttrans.c:nt_open_pipe(325) > nt_open_pipe: Opening pipe \lsarpc. >[2006/06/20 18:19:33, 3] smbd/nttrans.c:nt_open_pipe(346) > nt_open_pipe: Known pipe lsarpc opening. >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=0) >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2006/06/20 18:19:33, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2006/06/20 18:19:33, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe lsarpc (pipes_open=0) >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 7151 (pipes_open=1) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7151 >[2006/06/20 18:19:33, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=256 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=20736 (0x5100) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 136 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x88 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 5 of length 140 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=320 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29009 (0x7151) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBwriteX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7151 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=1) >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7151 name: lsarpc open: Yes len: 72 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) > api_pipe_bind_req: decode request. 1520 >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 num_contexts: 01 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c context_id : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e num_transfer_syntaxes: 01 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data : 12345778 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 data : 1234 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 data : abcd >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 data : ef 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a data : 01 23 45 67 89 ab >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 version: 00000000 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 data : 8a885d04 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0028 data : 1ceb >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a data : 11c9 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002c data : 9f e8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002e data : 08 00 2b 10 48 60 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 version: 00000002 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) > api_pipe_bind_req: make response. 1573 >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe.c:check_bind_req(982) > check_bind_req for \PIPE\lsarpc >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 000053f0 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 len: 000c >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000a str: \PIPE\lsass. >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_results: 01 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c result : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e reason : 0000 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 8a885d04 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1ceb >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11c9 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9f e8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 08 00 2b 10 48 60 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000002 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 56 >[2006/06/20 18:19:33, 3] smbd/pipes.c:reply_pipe_write_and_X(217) > writeX-IPC pnum=7151 nwritten=72 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=320 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 59 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x3b >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 6 of length 63 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29009 (0x7151) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBreadX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7151 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=1) >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7151 name: lsarpc len: 1024 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2006/06/20 18:19:33, 3] smbd/pipes.c:reply_pipe_read_and_X(262) > readX-IPC pnum=7151 min=1024 max=1024 nread=68 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 172 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xac >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 7 of length 176 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29009 (0x7151) > smb_bcc=105 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... > [020] 00 40 00 00 00 00 00 2C 00 08 39 B0 02 09 00 00 .@....., ..9..... > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E > [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 18 00 00 .R.V.E.R ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 02 ........ . >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=88 params=0 setup=2 >[2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7151 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=1) >[2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7151) >[2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8496d80 max_trans_reply: 1024 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7151 name: lsarpc open: Yes len: 88 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 88 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000040 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 002c >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 70 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\lsarpc >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[0].fn == 0x8153a58 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol2 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr : 02b03908 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 00000009 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 00000009 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.S.E.R.V.E.R... >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000022 lsa_io_obj_attr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 len : 00000018 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 ptr_root_dir: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c ptr_obj_name: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 attributes : 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 ptr_sec_desc: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 ptr_sec_qos : 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c des_access: 02000000 >[2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-1001 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 >[2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol2 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000001 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 15 20 98 44 44 41 00 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called lsarpc successfully >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 818 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 72 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7151 name: lsarpc len: 1024 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 15 20 98 44 44 41 00 00 00 00 00 ...... . DDA..... > [030] 00 . >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 130 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x82 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 8 of length 134 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=512 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29009 (0x7151) > smb_bcc=63 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 0C 00 ...... . DDA.... >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=46 params=0 setup=2 >[2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7151 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=1) >[2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7151) >[2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8496d80 max_trans_reply: 1024 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7151 name: lsarpc open: Yes len: 46 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 46 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002e >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000016 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 002e >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\lsarpc >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: lsarpc op 0x2e - unknown >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 23 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0020 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_hdr_fault fault >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(793) > 0018 status : DCERPC_FAULT_OP_RNG_ERROR >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c reserved: 00000000 >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 30 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7151 name: lsarpc len: 1024 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=512 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 130 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x82 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 9 of length 134 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=576 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29009 (0x7151) > smb_bcc=63 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 03 00 ...... . DDA.... >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=46 params=0 setup=2 >[2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7151 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=1) >[2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7151) >[2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8496d80 max_trans_reply: 1024 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7151 name: lsarpc open: Yes len: 46 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 46 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002e >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000016 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0007 >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\lsarpc >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[2].fn == 0x8153e9a >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000001 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 15 20 98 44 44 41 00 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 info_class: 0003 >[2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 dom_ptr: 22000000 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 lsa_io_query_info_ctr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 info_class: 0003 >[2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000006 lsa_io_dom_query_3 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 uni_dom_max_len: 000e >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a uni_dom_str_len: 0010 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c buffer_dom_name: 00000001 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 buffer_dom_sid : 00000001 >[2006/06/20 18:19:33, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 unistr2 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 uni_max_len: 00000008 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 offset : 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_str_len: 00000007 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0020 buffer : A.N.D.O.L.A.N. >[2006/06/20 18:19:33, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_dom_sid2 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 num_auths: 00000004 >[2006/06/20 18:19:33, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_dom_sid sid >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0034 sid_rev_num: 01 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0035 num_auths : 04 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0036 id_auth[0] : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0037 id_auth[1] : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0038 id_auth[2] : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0039 id_auth[3] : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003a id_auth[4] : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003b id_auth[5] : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 003c sub_auths : 00000015 b102d25d 35357847 fe9a3208 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 004c status: NT_STATUS_OK >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called lsarpc successfully >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 30 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7151 name: lsarpc len: 1024 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0068 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000050 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=576 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .P...... ...."... > [020] 00 0E 00 10 00 01 00 00 00 01 00 00 00 08 00 00 ........ ........ > [030] 00 00 00 00 00 07 00 00 00 41 00 4E 00 44 00 4F ........ .A.N.D.O > [040] 00 4C 00 41 00 4E 00 00 00 04 00 00 00 01 04 00 .L.A.N.. ........ > [050] 00 00 00 00 05 15 00 00 00 5D D2 02 B1 47 78 35 ........ .]...Gx5 > [060] 35 08 32 9A FE 00 00 00 00 5.2..... . >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 100 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x64 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 10 of length 104 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=640 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. > [010] 00 . >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBntcreateX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2006/06/20 18:19:33, 4] smbd/nttrans.c:nt_open_pipe(325) > nt_open_pipe: Opening pipe \winreg. >[2006/06/20 18:19:33, 3] smbd/nttrans.c:nt_open_pipe(346) > nt_open_pipe: Known pipe winreg opening. >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested winreg (pipes_open=1) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name lsarpc pnum=7151 >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested winreg >[2006/06/20 18:19:33, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe winreg >[2006/06/20 18:19:33, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe winreg >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe winreg (pipes_open=1) >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe winreg with handle 7152 (pipes_open=2) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name winreg pnum=7152 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7151 >[2006/06/20 18:19:33, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) > do_ntcreate_pipe_open: open pipe = \winreg >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=640 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=20992 (0x5200) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 136 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x88 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 11 of length 140 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=704 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29010 (0x7152) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. > [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBwriteX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7152 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7152 (pipes_open=2) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7152 name: winreg open: Yes len: 72 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) > api_pipe_bind_req: decode request. 1520 >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 num_contexts: 01 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c context_id : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e num_transfer_syntaxes: 01 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data : 338cd001 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 data : 2244 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 data : 31f1 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 data : aa aa >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a data : 90 00 38 00 10 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 version: 00000001 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 data : 8a885d04 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0028 data : 1ceb >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a data : 11c9 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002c data : 9f e8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002e data : 08 00 2b 10 48 60 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 version: 00000002 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) > api_pipe_bind_req: make response. 1573 >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe.c:check_bind_req(982) > check_bind_req for \PIPE\winreg >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\samr >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\NETLOGON >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\srvsvc >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\wkssvc >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\winreg >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 000053f0 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 len: 000d >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000a str: \PIPE\winreg. >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000017 smb_io_rpc_results >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_results: 01 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c result : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e reason : 0000 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 8a885d04 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1ceb >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11c9 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9f e8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 08 00 2b 10 48 60 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000002 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 56 >[2006/06/20 18:19:33, 3] smbd/pipes.c:reply_pipe_write_and_X(217) > writeX-IPC pnum=7152 nwritten=72 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=704 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 59 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x3b >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 12 of length 63 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=769 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29010 (0x7152) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBreadX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7152 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7152 (pipes_open=2) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7152 name: winreg len: 1024 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2006/06/20 18:19:33, 3] smbd/pipes.c:reply_pipe_read_and_X(262) > readX-IPC pnum=7152 min=1024 max=1024 nread=68 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=769 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 120 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x78 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 13 of length 124 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=833 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29010 (0x7152) > smb_bcc=53 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [020] 00 0C 00 00 00 00 00 02 00 08 F5 14 01 28 D6 01 ........ .....(.. > [030] 00 00 00 00 02 ..... >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=36 params=0 setup=2 >[2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7152 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7152 (pipes_open=2) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7152) >[2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7152 name: winreg open: Yes len: 36 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 36 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 20 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 20 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 0000000c >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0002 >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 70 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\winreg >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[3].fn == 0x815bc93 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_open_hive >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: 0114f508 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 server: d628 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 access: 02000000 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 10] registry/reg_db.c:regdb_open(265) > regdb_open: refcount reset (1) >[2006/06/20 18:19:33, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM] >[2006/06/20 18:19:33, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM] >[2006/06/20 18:19:33, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM] >[2006/06/20 18:19:33, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2006/06/20 18:19:33, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-22-1-0. >[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_open_hive >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000002 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 15 20 98 44 44 41 00 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called winreg successfully >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 510 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 20 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7152 name: winreg len: 1024 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=833 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 15 20 98 44 44 41 00 00 00 00 00 ...... . DDA..... > [030] 00 . >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 268 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x10c >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 14 of length 272 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=897 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 184 (0xB8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 184 (0xB8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29010 (0x7152) > smb_bcc=201 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........ > [020] 00 A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 6E 00 6E ...... . DDA..n.n > [040] 00 30 7A E1 76 37 00 00 00 00 00 00 00 37 00 00 .0z.v7.. .....7.. > [050] 00 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 .S.y.s.t .e.m.\.C > [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o > [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t > [080] 00 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 .\.s.e.r .v.i.c.e > [090] 00 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 .s.\.N.e .t.l.o.g > [0A0] 00 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D .o.n.\.p .a.r.a.m > [0B0] 00 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 62 .e.t.e.r .s.\...b > [0C0] F5 00 00 00 00 19 00 02 00 ........ . >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=184 params=0 setup=2 >[2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7152 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7152 (pipes_open=2) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7152) >[2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7152 name: winreg open: Yes len: 184 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 184 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 168 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 00b8 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 168 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 168, incoming data = 168 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 000000a0 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 000f >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\winreg >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[1].fn == 0x815bf39 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_open_entry >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000002 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 15 20 98 44 44 41 00 00 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 prs_unistr4 name >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 length: 006e >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size: 006e >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 ptr: 76e17a30 >[2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 name >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_max_len: 00000037 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset : 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_str_len: 00000037 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0098 unknown_0 : 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c access: 00020019 >[2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:33, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (1) >[2006/06/20 18:19:33, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:19:33, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] >[2006/06/20 18:19:33, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] >[2006/06/20 18:19:33, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2006/06/20 18:19:33, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00020019, for NT token with 6 entries and first sid S-1-22-1-0. >[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019 >[2006/06/20 18:19:33, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (20019) granted. >[2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_open_entry >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd handle >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000003 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 15 20 98 44 44 41 00 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called winreg successfully >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 634 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 168 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7152 name: winreg len: 1024 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=897 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ > [020] 00 00 00 00 00 15 20 98 44 44 41 00 00 00 00 00 ...... . DDA..... > [030] 00 . >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 232 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xe8 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 15 of length 236 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=961 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 148 (0x94) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 148 (0x94) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29010 (0x7152) > smb_bcc=165 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 ........ ........ > [020] 00 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 .|...... ........ > [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 2A 00 2A ...... . DDA..*.* > [040] 00 04 7A E1 76 15 00 00 00 00 00 00 00 15 00 00 ..z.v... ........ > [050] 00 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 .R.e.f.u .s.e.P.a > [060] 00 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 .s.s.w.o .r.d.C.h > [070] 00 61 00 6E 00 67 00 65 00 00 00 53 00 64 F5 14 .a.n.g.e ...S.d.. > [080] 01 94 F5 14 01 94 F5 14 01 04 00 00 00 00 00 00 ........ ........ > [090] 00 00 00 00 00 5C F5 14 01 04 00 00 00 54 F5 14 .....\.. .....T.. > [0A0] 01 00 00 00 00 ..... >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=148 params=0 setup=2 >[2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7152 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7152 (pipes_open=2) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7152) >[2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7152 name: winreg open: Yes len: 148 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 148 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 132 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0094 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 132 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 132, incoming data = 132 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 0000007c >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0011 >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\winreg >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[10].fn == 0x815c025 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_query_value >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000003 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 15 20 98 44 44 41 00 00 >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 prs_unistr4 name >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 length: 002a >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size: 002a >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 ptr: 76e17a04 >[2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 name >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_max_len: 00000015 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset : 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_str_len: 00000015 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 ptr_reserved: 0114f564 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_buf: 0114f594 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c ptr_bufsize: 0114f594 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 bufsize: 00000004 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buf_unk: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 unk1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c ptr_buflen: 0114f55c >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 buflen: 00000004 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 ptr_buflen2: 0114f554 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buflen2: 00000000 >[2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:33, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) > _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:19:33, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) > _reg_info: policy key type = [00000000] >[2006/06/20 18:19:33, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) > _reg_info: looking up value: [RefusePasswordChange] >[2006/06/20 18:19:33, 8] registry/reg_frontend.c:fetch_reg_values_specific(283) > fetch_reg_values_specific: Initializing cache of values for [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:19:33, 10] registry/reg_db.c:regdb_fetch_values(563) > regdb_fetch_values: Looking for value of key [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:19:33, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: refuse machine password change, val: 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) > _reg_info: Testing value [RefusePasswordChange] >[2006/06/20 18:19:33, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) > _reg_info: Found match for value [RefusePasswordChange] >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_query_value >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: f000baaa >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 type: 00000004 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 ptr: f000baaa >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000c smb_io_regval_buffer value >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c buf_max_len: 00000004 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 offset : 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 buf_len : 00000004 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0018 buffer : .... >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c ptr: f000baaa >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 buf_max_len: 00000004 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 ptr: f000baaa >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 buf_len: 00000004 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_werror(824) > 002c status: WERR_OK >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called winreg successfully >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 90 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 132 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7152 name: winreg len: 1024 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000030 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..72] >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=961 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H...... > [010] 00 30 00 00 00 00 00 00 00 AA BA 00 F0 04 00 00 .0...... ........ > [020] 00 AA BA 00 F0 04 00 00 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 AA BA 00 F0 04 00 00 00 AA BA 00 ........ ........ > [040] F0 04 00 00 00 00 00 00 00 ........ . >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x80 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 16 of length 132 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1025 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29010 (0x7152) > smb_bcc=61 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 ........ ........ > [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 ...... . DDA.. >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7152 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7152 (pipes_open=2) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7152) >[2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7152 name: winreg open: Yes len: 44 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0005 >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\winreg >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[0].fn == 0x815bb9c >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_close >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000003 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 15 20 98 44 44 41 00 00 >[2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:33, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/06/20 18:19:33, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (1) >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_close >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called winreg successfully >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7152 name: winreg len: 1024 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1025 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x80 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 17 of length 132 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1089 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29010 (0x7152) > smb_bcc=61 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 ...... . DDA.. >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7152 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7152 (pipes_open=2) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7152) >[2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7152 name: winreg open: Yes len: 44 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0005 >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\winreg >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[0].fn == 0x815bb9c >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_close >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000002 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 15 20 98 44 44 41 00 00 >[2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:33, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/06/20 18:19:33, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (0) >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_close >[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called winreg successfully >[2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7152 name: winreg len: 1024 >[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1089 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 41 >[2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x29 >[2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) > Transaction 18 of length 45 >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1153 > smt_wct=3 > smb_vwv[ 0]=29010 (0x7152) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) > switch message SMBclose (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7152 >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7152 (pipes_open=2) >[2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:33, 5] smbd/pipes.c:reply_pipe_close(282) > reply_pipe_close: pnum:7152 >[2006/06/20 18:19:33, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe winreg >[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) > closed pipe name winreg pnum=7152 (pipes_open=1) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1153 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x68 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 19 of length 108 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1217 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=21 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [010] 00 4E 00 00 00 .N... >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBntcreateX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >[2006/06/20 18:19:34, 4] smbd/nttrans.c:nt_open_pipe(325) > nt_open_pipe: Opening pipe \NETLOGON. >[2006/06/20 18:19:34, 3] smbd/nttrans.c:nt_open_pipe(346) > nt_open_pipe: Known pipe NETLOGON opening. >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested NETLOGON (pipes_open=1) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name lsarpc pnum=7151 >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested NETLOGON >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe NETLOGON >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe NETLOGON (pipes_open=1) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe NETLOGON with handle 7153 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name NETLOGON pnum=7153 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7151 >[2006/06/20 18:19:34, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1217 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=21248 (0x5300) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 136 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x88 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 20 of length 140 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1281 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29011 (0x7153) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. > [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBwriteX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name NETLOGON pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7153 name: NETLOGON open: Yes len: 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) > api_pipe_bind_req: decode request. 1520 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 num_contexts: 01 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c context_id : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e num_transfer_syntaxes: 01 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data : 12345678 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 data : 1234 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 data : abcd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 data : ef 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a data : 01 23 45 67 cf fb >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 version: 00000001 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 data : 8a885d04 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0028 data : 1ceb >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a data : 11c9 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002c data : 9f e8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002e data : 08 00 2b 10 48 60 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 version: 00000002 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) > api_pipe_bind_req: make response. 1573 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:check_bind_req(982) > check_bind_req for \PIPE\NETLOGON >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\samr >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\NETLOGON >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 000053f0 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 len: 000c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000a str: \PIPE\lsass. >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_results: 01 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c result : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e reason : 0000 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 8a885d04 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1ceb >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11c9 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9f e8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 08 00 2b 10 48 60 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000002 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 56 >[2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_write_and_X(217) > writeX-IPC pnum=7153 nwritten=72 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1281 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 59 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x3b >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 21 of length 63 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1345 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29011 (0x7153) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBreadX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name NETLOGON pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7153 name: NETLOGON len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_read_and_X(262) > readX-IPC pnum=7153 min=1024 max=1024 nread=68 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1345 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 176 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xb0 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 22 of length 180 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1409 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 92 (0x5C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29011 (0x7153) > smb_bcc=109 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 5C 00 00 00 01 00 00 ........ .\...... > [020] 00 44 00 00 00 00 00 04 00 38 F4 0E 00 09 00 00 .D...... .8...... > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E > [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 06 00 00 .R.V.E.R ........ > [050] 00 00 00 00 00 06 00 00 00 77 00 73 00 30 00 33 ........ .w.s.0.3 > [060] 00 35 00 00 00 22 42 97 D9 AF 6D C1 66 .5..."B. ..m.f >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=92 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name NETLOGON pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "NETLOGON" (pnum 7153) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7153 name: NETLOGON open: Yes len: 92 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 92 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 76 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 005c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 76 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000044 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0004 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 72 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\NETLOGON >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[0].fn == 0x816b6c8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 000ef438 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 00000009 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 00000009 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.S.E.R.V.E.R... >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000022 smb_io_unistr2 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 00000006 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 00000006 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : w.s.0.3.5... >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00003c smb_io_chal >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data: 22 42 97 d9 af 6d c1 66 >[2006/06/20 18:19:34, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) > init_net_r_req_chal: 41 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: 09 a2 e4 28 7b 67 f1 e5 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0008 status: NT_STATUS_OK >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called NETLOGON successfully >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 30 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 76 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7153 name: NETLOGON len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000000c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1409 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 09 A2 E4 28 7B 67 F1 ........ ....({g. > [020] E5 00 00 00 00 ..... >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 41 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x29 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 23 of length 45 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1473 > smt_wct=3 > smb_vwv[ 0]=29011 (0x7153) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBclose (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name NETLOGON pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:34, 5] smbd/pipes.c:reply_pipe_close(282) > reply_pipe_close: pnum:7153 >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe NETLOGON >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) > closed pipe name NETLOGON pnum=7153 (pipes_open=1) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1473 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x68 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 24 of length 108 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1537 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=21 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [010] 00 4E 00 00 00 .N... >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBntcreateX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >[2006/06/20 18:19:34, 4] smbd/nttrans.c:nt_open_pipe(325) > nt_open_pipe: Opening pipe \NETLOGON. >[2006/06/20 18:19:34, 3] smbd/nttrans.c:nt_open_pipe(346) > nt_open_pipe: Known pipe NETLOGON opening. >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested NETLOGON (pipes_open=1) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name lsarpc pnum=7151 >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested NETLOGON >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe NETLOGON >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe NETLOGON (pipes_open=1) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe NETLOGON with handle 7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name NETLOGON pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7151 >[2006/06/20 18:19:34, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1537 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=21504 (0x5400) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 136 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x88 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 25 of length 140 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1601 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29012 (0x7154) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. > [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBwriteX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name NETLOGON pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7154 name: NETLOGON open: Yes len: 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) > api_pipe_bind_req: decode request. 1520 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 num_contexts: 01 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c context_id : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e num_transfer_syntaxes: 01 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data : 12345678 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 data : 1234 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 data : abcd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 data : ef 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a data : 01 23 45 67 cf fb >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 version: 00000001 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 data : 8a885d04 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0028 data : 1ceb >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a data : 11c9 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002c data : 9f e8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002e data : 08 00 2b 10 48 60 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 version: 00000002 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) > api_pipe_bind_req: make response. 1573 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:check_bind_req(982) > check_bind_req for \PIPE\NETLOGON >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\samr >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\NETLOGON >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 000053f0 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 len: 000c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000a str: \PIPE\lsass. >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_results: 01 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c result : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e reason : 0000 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 8a885d04 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1ceb >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11c9 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9f e8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 08 00 2b 10 48 60 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000002 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 56 >[2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_write_and_X(217) > writeX-IPC pnum=7154 nwritten=72 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1601 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 59 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x3b >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 26 of length 63 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1665 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29012 (0x7154) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBreadX (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name NETLOGON pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7154 name: NETLOGON len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_read_and_X(262) > readX-IPC pnum=7154 min=1024 max=1024 nread=68 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1665 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 204 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xcc >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 27 of length 208 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=204 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1729 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 120 (0x78) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29012 (0x7154) > smb_bcc=137 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 78 00 00 00 01 00 00 ........ .x...... > [020] 00 60 00 00 00 00 00 05 00 38 F4 0E 00 09 00 00 .`...... .8...... > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E > [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 07 00 00 .R.V.E.R ........ > [050] 00 00 00 00 00 07 00 00 00 77 00 73 00 30 00 33 ........ .w.s.0.3 > [060] 00 35 00 24 00 00 00 02 00 06 00 00 00 00 00 00 .5.$.... ........ > [070] 00 06 00 00 00 77 00 73 00 30 00 33 00 35 00 00 .....w.s .0.3.5.. > [080] 00 42 5F 8E 06 B2 69 84 C6 .B_...i. . >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=120 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name NETLOGON pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "NETLOGON" (pnum 7154) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7154 name: NETLOGON open: Yes len: 120 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 120 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 120 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 120, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 104 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 104 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0078 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 104 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 104, incoming data = 104 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000060 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0005 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 72 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\NETLOGON >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: NETLOGON op 0x5 - api_rpcTNP: rpc command: NET_AUTH >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[1].fn == 0x816b861 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 000ef438 >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 00000009 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 00000009 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.S.E.R.V.E.R... >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000022 smb_io_unistr2 unistr2 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 00000007 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 00000007 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : w.s.0.3.5.$... >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003e sec_chan: 0002 >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unistr2 unistr2 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 uni_max_len: 00000006 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 offset : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 uni_str_len: 00000006 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 004c buffer : w.s.0.3.5... >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_chal >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0058 data: 42 5f 8e 06 b2 69 84 c6 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0008 status: NT_STATUS_ACCESS_DENIED >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called NETLOGON successfully >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 44 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 104 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7154 name: NETLOGON len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000000c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1729 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 22 00 00 C0 ."... >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 41 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x29 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 28 of length 45 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1793 > smt_wct=3 > smb_vwv[ 0]=29012 (0x7154) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBclose (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name NETLOGON pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=2) >[2006/06/20 18:19:34, 5] smbd/pipes.c:reply_pipe_close(282) > reply_pipe_close: pnum:7154 >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe NETLOGON >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) > closed pipe name NETLOGON pnum=7154 (pipes_open=1) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1793 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x80 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 29 of length 132 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1857 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29009 (0x7151) > smb_bcc=61 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 ...... . DDA.. >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7151 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=1) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7151) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8496d80 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7151 name: lsarpc open: Yes len: 44 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0000 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\lsarpc >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[4].fn == 0x81543a7 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_close >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000001 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 15 20 98 44 44 41 00 00 >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D > [010] 44 41 00 00 DA.. >[2006/06/20 18:19:34, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_close >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called lsarpc successfully >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7151 name: lsarpc len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1857 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 41 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x29 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 30 of length 45 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1921 > smt_wct=3 > smb_vwv[ 0]=29009 (0x7151) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBclose (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7151 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7151 (pipes_open=1) >[2006/06/20 18:19:34, 5] smbd/pipes.c:reply_pipe_close(282) > reply_pipe_close: pnum:7151 >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) > closed pipe name lsarpc pnum=7151 (pipes_open=0) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1921 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 39 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x27 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 31 of length 43 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=1985 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBulogoffX (pid 16708) conn 0x0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:34, 3] smbd/reply.c:reply_ulogoffX(1614) > ulogoffX vuid=101 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=1985 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x23 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 32 of length 39 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2049 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtdis (pid 16708) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:34, 3] smbd/service.c:close_cnum(1136) > ws035 (192.168.68.22) closed connection to service IPC$ >[2006/06/20 18:19:34, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2006/06/20 18:19:34, 4] smbd/vfs.c:vfs_ChDir(741) > vfs_ChDir to / >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2049 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_data(525) > read_data: read of 4 returned 0. Error = Success >[2006/06/20 18:19:34, 10] lib/util_sock.c:receive_smb_raw(672) > receive_smb_raw: length < 0! >[2006/06/20 18:19:34, 3] smbd/process.c:timeout_processing(1361) > timeout_processing: End of file from client (client has disconnected). >[2006/06/20 18:19:34, 5] lib/gencache.c:gencache_shutdown(90) > Closing cache file >[2006/06/20 18:19:34, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:34, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2006/06/20 18:19:34, 3] smbd/server.c:exit_server_common(675) > Server exit (normal exit) >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 16 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 16 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 8192 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 8192 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 16 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 16 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 8192 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 8192 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/06/20 18:19:34, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:19:34, 3] smbd/oplock.c:init_oplocks(860) > open_oplock_ipc: initializing messages. >[2006/06/20 18:19:34, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260) > Linux kernel oplocks enabled >[2006/06/20 18:19:34, 4] lib/time.c:TimeInit(136) > TimeInit: Serverzone is -7200 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 133 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x85 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 0 of length 137 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 > [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for > [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. > [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM > [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 > [060] 32 00 2. >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBnegprot (pid 16709) conn 0x0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LANMAN1.0] >[2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [Windows for Workgroups 3.1a] >[2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LM1.2X002] >[2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LANMAN2.1] >[2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [NT LM 0.12] >[2006/06/20 18:19:34, 10] lib/util.c:set_remote_arch(2190) > set_remote_arch: Client arch is 'Win2K' >[2006/06/20 18:19:34, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:19:34, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2006/06/20 18:19:34, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:19:34, 3] smbd/negprot.c:reply_nt1(357) > using SPNEGO >[2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(579) > Selected protocol NT LM 0.12 >[2006/06/20 18:19:34, 5] smbd/negprot.c:reply_negprot(585) > negprot index=5 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=17664 (0x4500) > smb_vwv[ 8]= 65 (0x41) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]=11119 (0x2B6F) > smb_vwv[13]=34129 (0x8551) > smb_vwv[14]=50836 (0xC694) > smb_vwv[15]=34817 (0x8801) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 73 65 72 76 65 72 00 00 00 00 00 00 00 00 00 00 server.. ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... > [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 236 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xec >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 1 of length 240 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=236 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 236 (0xEC) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 74 (0x4A) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=177 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. > [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* > [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... > [030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n > [050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 > [060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c > [070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 .e. .P.a .c.k. .2 > [080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i > [090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 > [0A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... > [0B0] 00 . >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 16709) conn 0x0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X(844) > wct=12 flg2=0xc807 >[2006/06/20 18:19:34, 2] smbd/sesssetup.c:setup_new_vc_session(794) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(655) > Doing spnego session setup >[2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(686) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2006/06/20 18:19:34, 10] lib/util.c:set_remote_arch(2190) > set_remote_arch: Client arch is 'WinXP' >[2006/06/20 18:19:34, 10] smbd/password.c:register_vuid(186) > register_vuid: allocated vuid = 100 >[2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_spnego_negotiate(547) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_spnego_negotiate(550) > Got secblob of size 40 >[2006/06/20 18:19:34, 5] auth/auth.c:make_auth_context_subsystem(484) > Making default auth method list for DC, security=user, encrypt passwords = yes >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend sam >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'sam' >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend sam_ignoredomain >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'sam_ignoredomain' >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend unix >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'unix' >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend winbind >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'winbind' >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend smbserver >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'smbserver' >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend trustdomain >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'trustdomain' >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend ntdomain >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'ntdomain' >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend guest >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'guest' >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend fixed_challenge >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'fixed_challenge' >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) > Attempting to register auth backend name_to_ntstatus >[2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) > Successfully added auth method 'name_to_ntstatus' >[2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(391) > load_auth_module: Attempting to find an auth method to match guest >[2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(416) > load_auth_module: auth method guest has a valid init >[2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(391) > load_auth_module: Attempting to find an auth method to match sam >[2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(416) > load_auth_module: auth method sam has a valid init >[2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(391) > load_auth_module: Attempting to find an auth method to match winbind:trustdomain >[2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(391) > load_auth_module: Attempting to find an auth method to match trustdomain >[2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(416) > load_auth_module: auth method trustdomain has a valid init >[2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(416) > load_auth_module: auth method winbind has a valid init >[2006/06/20 18:19:34, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0xe2088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2006/06/20 18:19:34, 5] auth/auth.c:get_ntlm_challenge(97) > auth_get_challenge: module guest did not want to specify a challenge >[2006/06/20 18:19:34, 5] auth/auth.c:get_ntlm_challenge(97) > auth_get_challenge: module sam did not want to specify a challenge >[2006/06/20 18:19:34, 5] auth/auth.c:get_ntlm_challenge(97) > auth_get_challenge: module winbind did not want to specify a challenge >[2006/06/20 18:19:34, 5] auth/auth.c:get_ntlm_challenge(137) > auth_context challenge created by random >[2006/06/20 18:19:34, 5] auth/auth.c:get_ntlm_challenge(138) > challenge is: >[2006/06/20 18:19:34, 5] lib/util.c:dump_data(2215) > [000] 9C 47 EB 10 4F D6 79 9E .G..O.y. >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=306 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=64 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 205 (0xCD) > smb_bcc=263 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] A1 81 CA 30 81 C7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 B1 04 81 AE 4E .....7.. .......N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 > [030] 00 00 00 95 82 89 E2 9C 47 EB 10 4F D6 79 9E 00 ........ G..O.y.. > [040] 00 00 00 00 00 00 00 70 00 70 00 3E 00 00 00 41 .......p .p.>...A > [050] 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 02 00 0E .N.D.O.L .A.N.... > [060] 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 01 .A.N.D.O .L.A.N.. > [070] 00 0C 00 53 00 45 00 52 00 56 00 45 00 52 00 04 ...S.E.R .V.E.R.. > [080] 00 1A 00 6D 00 75 00 6C 00 6F 00 63 00 6B 00 32 ...m.u.l .o.c.k.2 > [090] 00 30 00 30 00 30 00 2E 00 6E 00 6C 00 03 00 28 .0.0.0.. .n.l...( > [0A0] 00 73 00 65 00 72 00 76 00 65 00 72 00 2E 00 6D .s.e.r.v .e.r...m > [0B0] 00 75 00 6C 00 6F 00 63 00 6B 00 32 00 30 00 30 .u.l.o.c .k.2.0.0 > [0C0] 00 30 00 2E 00 6E 00 6C 00 00 00 00 00 55 00 6E .0...n.l .....U.n > [0D0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a > [0E0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 33 00 72 . .3...0 ...2.3.r > [0F0] 00 63 00 33 00 00 00 41 00 4E 00 44 00 4F 00 4C .c.3...A .N.D.O.L > [100] 00 41 00 4E 00 00 00 .A.N... >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 350 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x15e >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 2 of length 354 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=350 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=128 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 350 (0x15E) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 188 (0xBC) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=291 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] A1 81 B9 30 81 B6 A2 81 B3 04 81 B0 4E 54 4C 4D ...0.... ....NTLM > [010] 53 53 50 00 03 00 00 00 18 00 18 00 70 00 00 00 SSP..... ....p... > [020] 18 00 18 00 88 00 00 00 0E 00 0E 00 48 00 00 00 ........ ....H... > [030] 10 00 10 00 56 00 00 00 0A 00 0A 00 66 00 00 00 ....V... ....f... > [040] 10 00 10 00 A0 00 00 00 15 82 88 E2 05 01 28 0A ........ ......(. > [050] 00 00 00 0F 41 00 4E 00 44 00 4F 00 4C 00 41 00 ....A.N. D.O.L.A. > [060] 4E 00 61 00 6E 00 64 00 6F 00 62 00 75 00 72 00 N.a.n.d. o.b.u.r. > [070] 67 00 77 00 73 00 30 00 33 00 35 00 D0 9E 33 80 g.w.s.0. 3.5...3. > [080] 00 69 F8 67 00 00 00 00 00 00 00 00 00 00 00 00 .i.g.... ........ > [090] 00 00 00 00 A9 D0 BB 98 15 8C 8D 60 4B 1C E6 AE ........ ...`K... > [0A0] 4F 64 A1 0F 23 9D 94 CB 73 34 7D A7 8A 09 5A B4 Od..#... s4}...Z. > [0B0] 17 AC CB 75 2C 86 41 8C 10 3B FF 05 00 57 00 69 ...u,.A. .;...W.i > [0C0] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 > [0D0] 00 30 00 32 00 20 00 53 00 65 00 72 00 76 00 69 .0.2. .S .e.r.v.i > [0E0] 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 .c.e. .P .a.c.k. > [0F0] 00 32 00 20 00 32 00 36 00 30 00 30 00 00 00 57 .2. .2.6 .0.0...W > [100] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 > [110] 00 30 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 .0.0.2. .5...1.. > [120] 00 00 00 ... >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 16709) conn 0x0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X(844) > wct=12 flg2=0xc807 >[2006/06/20 18:19:34, 2] smbd/sesssetup.c:setup_new_vc_session(794) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(655) > Doing spnego session setup >[2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(686) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2006/06/20 18:19:34, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) > Got user=[andoburg] domain=[ANDOLAN] workstation=[ws035] len1=24 len2=24 >[2006/06/20 18:19:34, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) > auth_context challenge set by NTLMSSP callback (NTLM2) >[2006/06/20 18:19:34, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) > challenge is: >[2006/06/20 18:19:34, 5] lib/util.c:dump_data(2215) > [000] 1E A8 F9 60 AA 49 59 CA ...`.IY. >[2006/06/20 18:19:34, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:19:34, 5] auth/auth_util.c:make_user_info_map(162) > make_user_info_map: Mapping user [ANDOLAN]\[andoburg] from workstation [ws035] >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] auth/auth_util.c:is_trusted_domain(1934) > is_trusted_domain: Checking for domain trust with [ANDOLAN] >[2006/06/20 18:19:34, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) > secrets_fetch failed! >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = TDOM/ANDOLAN couldn't be found >[2006/06/20 18:19:34, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain ANDOLAN found. >[2006/06/20 18:19:34, 5] auth/auth_util.c:make_user_info(76) > attempting to make a user_info for andoburg (andoburg) >[2006/06/20 18:19:34, 5] auth/auth_util.c:make_user_info(86) > making strings for andoburg's user_info struct >[2006/06/20 18:19:34, 5] auth/auth_util.c:make_user_info(118) > making blobs for andoburg's user_info struct >[2006/06/20 18:19:34, 10] auth/auth_util.c:make_user_info(136) > made an encrypted user_info for andoburg (andoburg) >[2006/06/20 18:19:34, 3] auth/auth.c:check_ntlm_password(221) > check_ntlm_password: Checking password for unmapped user [ANDOLAN]\[andoburg]@[ws035] with the new password interface >[2006/06/20 18:19:34, 3] auth/auth.c:check_ntlm_password(224) > check_ntlm_password: mapped user is: [ANDOLAN]\[andoburg]@[ws035] >[2006/06/20 18:19:34, 10] auth/auth.c:check_ntlm_password(233) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2006/06/20 18:19:34, 10] auth/auth.c:check_ntlm_password(235) > challenge is: >[2006/06/20 18:19:34, 5] lib/util.c:dump_data(2215) > [000] 1E A8 F9 60 AA 49 59 CA ...`.IY. >[2006/06/20 18:19:34, 10] auth/auth.c:check_ntlm_password(261) > check_ntlm_password: guest had nothing to say >[2006/06/20 18:19:34, 8] lib/util.c:is_myname(2036) > is_myname("ANDOLAN") returns 0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=andoburg)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_close(1080) > The connection to the LDAP server was closed >[2006/06/20 18:19:34, 10] lib/smbldap.c:smb_ldap_setup_conn(632) > smb_ldap_setup_connection: ldap://localhost >[2006/06/20 18:19:34, 2] lib/smbldap.c:smbldap_open_connection(788) > smbldap_open_connection: connection opened >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_connect_system(947) > ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=andolan" >[2006/06/20 18:19:34, 3] lib/smbldap.c:smbldap_connect_system(992) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2006/06/20 18:19:34, 4] lib/smbldap.c:smbldap_open(1060) > The LDAP server is succesfully connected >[2006/06/20 18:19:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) > init_sam_from_ldap: Entry found for user: andoburg >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username andoburg, was >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_domain(607) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) > pdb_set_nt_username: setting nt username andoburg, was >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) > pdb_set_full_name: setting full name AndoBurg B.V., was >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) > pdb_set_dir_drive: setting dir drive N:, was NULL >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) > pdb_set_homedir: setting home dir \\server\datamap, was >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) > pdb_set_logon_script: setting logon script logon.cmd, was >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) > pdb_set_profile_path: setting profile path \\server\tempprof, was >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [description] = [<does not exist>] >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2006/06/20 18:19:34, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2006/06/20 18:19:34, 5] passdb/login_cache.c:login_cache_init(41) > Opening cache file at /var/lib/samba/login_cache.tdb >[2006/06/20 18:19:34, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user andoburg >[2006/06/20 18:19:34, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2006/06/20 18:19:34, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) > No cache entry, bad count = 0, bad time = 0 >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1001))], scope => [2] >[2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:34, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username andoburg, was >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_domain(607) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) > pdb_set_nt_username: setting nt username andoburg, was >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) > pdb_set_full_name: setting full name AndoBurg B.V., was >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) > pdb_set_homedir: setting home dir \\server\datamap, was >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) > pdb_set_dir_drive: setting dir drive N:, was NULL >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) > pdb_set_logon_script: setting logon script logon.cmd, was >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) > pdb_set_profile_path: setting profile path \\server\tempprof, was >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_workstations(820) > pdb_set_workstations: setting workstations , was >[2006/06/20 18:19:34, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 >[2006/06/20 18:19:34, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 from rid 3002 >[2006/06/20 18:19:34, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1455) > lookup_global_sam_rid: looking up RID 513. >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-513)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) > ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2969752157-892696647-4271518216-513] count=0 >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2969752157-892696647-4271518216-513))], scope => [2] >[2006/06/20 18:19:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2115) > init_group_from_ldap: Entry found for group: 10000 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 10] passdb/lookup_sid.c:sid_to_gid(1296) > sid_to_gid: S-1-5-21-2969752157-892696647-4271518216-513 -> 10000 >[2006/06/20 18:19:34, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) > store_gid_sid_cache: gid 10000 in cache -> S-1-5-21-2969752157-892696647-4271518216-513 >[2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_group_sid(564) > pdb_set_group_sid: setting group sid S-1-5-21-2969752157-892696647-4271518216-513 >[2006/06/20 18:19:34, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-2969752157-892696647-4271518216-513 from rid 513 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 9] passdb/passdb.c:pdb_update_autolock_flag(1406) > pdb_update_autolock_flag: Account andoburg not autolocked, no check needed >[2006/06/20 18:19:34, 4] libsmb/ntlm_check.c:ntlm_password_check(326) > ntlm_password_check: Checking NT MD4 password >[2006/06/20 18:19:34, 4] auth/auth_sam.c:sam_account_ok(138) > sam_account_ok: Checking SMB password for user andoburg >[2006/06/20 18:19:34, 5] auth/auth_sam.c:logon_hours_ok(120) > logon_hours_ok: user andoburg allowed to logon at this time (Tue Jun 20 16:19:34 2006 > ) >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 10] lib/util_pw.c:getpwnam_alloc(76) > Got andoburg from pwnam_cache >[2006/06/20 18:19:34, 10] lib/util_pw.c:getpwnam_alloc(76) > Got andoburg from pwnam_cache >[2006/06/20 18:19:34, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [andoburg] >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1001))], scope => [2] >[2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:34, 10] passdb/lookup_sid.c:gid_to_sid(1128) > gid_to_sid: local 1001 -> S-1-22-2-1001 >[2006/06/20 18:19:34, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) > store_gid_sid_cache: gid 1001 in cache -> S-1-22-2-1001 >[2006/06/20 18:19:34, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979) > fetch sid from gid cache 0 -> S-1-22-2-0 >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10001))], scope => [2] >[2006/06/20 18:19:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2115) > init_group_from_ldap: Entry found for group: 10001 >[2006/06/20 18:19:34, 10] passdb/lookup_sid.c:gid_to_sid(1128) > gid_to_sid: local 10001 -> S-1-5-21-2969752157-892696647-4271518216-512 >[2006/06/20 18:19:34, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) > store_gid_sid_cache: gid 10001 in cache -> S-1-5-21-2969752157-892696647-4271518216-512 >[2006/06/20 18:19:34, 5] auth/auth_util.c:make_server_info_sam(603) > make_server_info_sam: made server info for user andoburg -> andoburg >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 3] auth/auth.c:check_ntlm_password(270) > check_ntlm_password: sam authentication for user [andoburg] succeeded >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth.c:check_ntlm_password(296) > check_ntlm_password: PAM Account for user [andoburg] succeeded >[2006/06/20 18:19:34, 2] auth/auth.c:check_ntlm_password(309) > check_ntlm_password: authentication for user [andoburg] -> [andoburg] -> [andoburg] succeeded >[2006/06/20 18:19:34, 5] auth/auth_util.c:free_user_info(1784) > attempting to free (and zero) a user_info structure >[2006/06/20 18:19:34, 10] auth/auth_util.c:free_user_info(1788) > structure was created for andoburg >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] >[2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-3002)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-1001)(sambaSIDList=S-1-22-2-0)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-512)))], scope => [2] >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-3002)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-1001)(sambaSIDList=S-1-22-2-0)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-512)))], scope => [2] >[2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-3002] >[2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-513] >[2006/06/20 18:19:34, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-22-2-1001] >[2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2006/06/20 18:19:34, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-5-21-2969752157-892696647-4271518216-512 > Privilege set: > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) > fetch gid from cache 10000 -> S-1-5-21-2969752157-892696647-4271518216-513 >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] >[2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:34, 10] auth/auth_util.c:create_local_token(970) > Could not convert SID S-1-1-0 to gid, ignoring it >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] >[2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:34, 10] auth/auth_util.c:create_local_token(970) > Could not convert SID S-1-5-2 to gid, ignoring it >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] >[2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:34, 10] auth/auth_util.c:create_local_token(970) > Could not convert SID S-1-5-11 to gid, ignoring it >[2006/06/20 18:19:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) > fetch gid from cache 1001 -> S-1-22-2-1001 >[2006/06/20 18:19:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) > fetch gid from cache 0 -> S-1-22-2-0 >[2006/06/20 18:19:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) > fetch gid from cache 10001 -> S-1-5-21-2969752157-892696647-4271518216-512 >[2006/06/20 18:19:34, 10] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(133) > Got NT session key of length 16 >[2006/06/20 18:19:34, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(140) > Got LM session key of length 16 >[2006/06/20 18:19:34, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) > ntlmssp_server_auth: Created NTLM2 session key. >[2006/06/20 18:19:34, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: >[2006/06/20 18:19:34, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0xe2088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2006/06/20 18:19:34, 10] smbd/password.c:register_vuid(186) > register_vuid: allocated vuid = 101 >[2006/06/20 18:19:34, 10] lib/util_pw.c:getpwnam_alloc(76) > Got andoburg from pwnam_cache >[2006/06/20 18:19:34, 10] smbd/password.c:register_vuid(277) > register_vuid: (1001,1001) andoburg andoburg ANDOLAN guest=0 >[2006/06/20 18:19:34, 3] smbd/password.c:register_vuid(280) > User name: andoburg Real name: AndoBurg B.V. >[2006/06/20 18:19:34, 3] smbd/password.c:register_vuid(301) > UNIX uid 1001 is UNIX user andoburg, and will be vuid 101 >[2006/06/20 18:19:34, 7] param/loadparm.c:lp_servicenumber(5112) > lp_servicenumber: couldn't find andoburg >[2006/06/20 18:19:34, 3] smbd/password.c:register_vuid(332) > Adding homes service for user 'andoburg' using home directory: '/home/andoburg' >[2006/06/20 18:19:34, 7] param/loadparm.c:lp_servicenumber(5112) > lp_servicenumber: couldn't find homes >[2006/06/20 18:19:34, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=110 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=128 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=67 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 30 00 2E 00 32 00 33 00 72 00 63 00 33 ...0...2 .3.r.c.3 > [030] 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E ...A.N.D .O.L.A.N > [040] 00 00 00 ... >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 78 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x4e >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 3 of length 82 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=78 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=192 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 78 (0x4E) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=35 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 52 .\.\.S.E .R.V.E.R > [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? > [020] 3F 3F 00 ??. >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtconX (pid 16709) conn 0x0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:34, 4] smbd/reply.c:reply_tcon_and_X(666) > Client requested device type [?????] for share [IPC$] >[2006/06/20 18:19:34, 5] smbd/service.c:make_connection(1111) > making a connection to 'normal' service ipc$ >[2006/06/20 18:19:34, 10] smbd/share_access.c:user_ok_token(225) > user_ok_token: share IPC$ is ok for unix user andoburg >[2006/06/20 18:19:34, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user andoburg >[2006/06/20 18:19:34, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is andoburg >[2006/06/20 18:19:34, 10] lib/util_pw.c:getpwnam_alloc(76) > Got andoburg from pwnam_cache >[2006/06/20 18:19:34, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals did find user [andoburg]! >[2006/06/20 18:19:34, 10] smbd/service.c:set_conn_connectpath(122) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2006/06/20 18:19:34, 3] smbd/service.c:make_connection_snum(752) > Connect path is '/tmp' for service [IPC$] >[2006/06/20 18:19:34, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000002, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-1001 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2006/06/20 18:19:34, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. >[2006/06/20 18:19:34, 3] smbd/vfs.c:vfs_init_default(219) > Initialising default vfs hooks >[2006/06/20 18:19:34, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2006/06/20 18:19:34, 10] smbd/share_access.c:user_ok_token(225) > user_ok_token: share IPC$ is ok for unix user andoburg >[2006/06/20 18:19:34, 10] smbd/share_access.c:is_share_read_only_for_token(267) > is_share_read_only_for_user: share IPC$ is read-only for unix user andoburg >[2006/06/20 18:19:34, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-1001 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2006/06/20 18:19:34, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2006/06/20 18:19:34, 3] lib/util_sid.c:string_to_sid(223) > string_to_sid: Sid @root does not start with 'S-'. >[2006/06/20 18:19:34, 5] smbd/password.c:user_in_netgroup(423) > Unable to get default yp domain >[2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] >[2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/service.c:make_connection_snum(941) > ws035 (192.168.68.22) connect to service IPC$ initially as user andoburg (uid=0, gid=1001) (pid 16709) >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:34, 2] smbd/reply.c:reply_tcon_and_X(709) > Serving IPC$ as a Dfs root >[2006/06/20 18:19:34, 3] smbd/reply.c:reply_tcon_and_X(714) > tconX service=IPC$ >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=192 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3 (0x3) > smb_bcc=7 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 49 50 43 00 00 00 00 IPC.... >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 100 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x64 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 4 of length 104 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=256 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBntcreateX (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] smbd/vfs.c:vfs_ChDir(741) > vfs_ChDir to /tmp >[2006/06/20 18:19:34, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2006/06/20 18:19:34, 4] smbd/nttrans.c:nt_open_pipe(325) > nt_open_pipe: Opening pipe \lsarpc. >[2006/06/20 18:19:34, 3] smbd/nttrans.c:nt_open_pipe(346) > nt_open_pipe: Known pipe lsarpc opening. >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=0) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe lsarpc (pipes_open=0) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 7153 (pipes_open=1) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7153 >[2006/06/20 18:19:34, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=256 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=21248 (0x5300) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 136 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x88 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 5 of length 140 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=320 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29011 (0x7153) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBwriteX (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=1) >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7153 name: lsarpc open: Yes len: 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) > api_pipe_bind_req: decode request. 1520 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 num_contexts: 01 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c context_id : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e num_transfer_syntaxes: 01 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data : 12345778 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 data : 1234 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 data : abcd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 data : ef 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a data : 01 23 45 67 89 ab >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 version: 00000000 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 data : 8a885d04 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0028 data : 1ceb >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a data : 11c9 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002c data : 9f e8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002e data : 08 00 2b 10 48 60 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 version: 00000002 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) > api_pipe_bind_req: make response. 1573 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:check_bind_req(982) > check_bind_req for \PIPE\lsarpc >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 000053f0 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 len: 000c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000a str: \PIPE\lsass. >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_results: 01 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c result : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e reason : 0000 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 8a885d04 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1ceb >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11c9 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9f e8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 08 00 2b 10 48 60 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000002 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 56 >[2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_write_and_X(217) > writeX-IPC pnum=7153 nwritten=72 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=320 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 59 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x3b >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 6 of length 63 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29011 (0x7153) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBreadX (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=1) >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7153 name: lsarpc len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_read_and_X(262) > readX-IPC pnum=7153 min=1024 max=1024 nread=68 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 172 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xac >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 7 of length 176 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29011 (0x7153) > smb_bcc=105 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... > [020] 00 40 00 00 00 00 00 2C 00 D0 FA 09 00 09 00 00 .@....., ........ > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E > [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 18 00 00 .R.V.E.R ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 02 ........ . >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=88 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=1) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7153) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8496d80 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7153 name: lsarpc open: Yes len: 88 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 88 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000040 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 002c >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 70 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\lsarpc >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[0].fn == 0x8153a58 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol2 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr : 0009fad0 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 00000009 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 00000009 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.S.E.R.V.E.R... >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000022 lsa_io_obj_attr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 len : 00000018 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 ptr_root_dir: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c ptr_obj_name: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 attributes : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 ptr_sec_desc: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 ptr_sec_qos : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c des_access: 02000000 >[2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-1001 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol2 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000001 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 16 20 98 44 45 41 00 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called lsarpc successfully >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 818 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 72 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7153 name: lsarpc len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 16 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... > [030] 00 . >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 130 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x82 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 8 of length 134 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=512 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29011 (0x7153) > smb_bcc=63 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 0C 00 ...... . DEA.... >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=46 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=1) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7153) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8496d80 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7153 name: lsarpc open: Yes len: 46 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 46 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002e >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000016 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 002e >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\lsarpc >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: lsarpc op 0x2e - unknown >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 23 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0020 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_hdr_fault fault >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(793) > 0018 status : DCERPC_FAULT_OP_RNG_ERROR >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c reserved: 00000000 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 30 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7153 name: lsarpc len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=512 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 130 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x82 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 9 of length 134 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=576 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29011 (0x7153) > smb_bcc=63 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 03 00 ...... . DEA.... >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=46 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=1) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7153) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8496d80 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7153 name: lsarpc open: Yes len: 46 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 46 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002e >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000016 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0007 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\lsarpc >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[2].fn == 0x8153e9a >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000001 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 16 20 98 44 45 41 00 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 info_class: 0003 >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 dom_ptr: 22000000 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 lsa_io_query_info_ctr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 info_class: 0003 >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000006 lsa_io_dom_query_3 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 uni_dom_max_len: 000e >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a uni_dom_str_len: 0010 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c buffer_dom_name: 00000001 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 buffer_dom_sid : 00000001 >[2006/06/20 18:19:34, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 unistr2 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 uni_max_len: 00000008 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 offset : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_str_len: 00000007 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0020 buffer : A.N.D.O.L.A.N. >[2006/06/20 18:19:34, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_dom_sid2 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 num_auths: 00000004 >[2006/06/20 18:19:34, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_dom_sid sid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0034 sid_rev_num: 01 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0035 num_auths : 04 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0036 id_auth[0] : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0037 id_auth[1] : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0038 id_auth[2] : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0039 id_auth[3] : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003a id_auth[4] : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003b id_auth[5] : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 003c sub_auths : 00000015 b102d25d 35357847 fe9a3208 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 004c status: NT_STATUS_OK >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called lsarpc successfully >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 30 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7153 name: lsarpc len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0068 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000050 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=576 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .P...... ...."... > [020] 00 0E 00 10 00 01 00 00 00 01 00 00 00 08 00 00 ........ ........ > [030] 00 00 00 00 00 07 00 00 00 41 00 4E 00 44 00 4F ........ .A.N.D.O > [040] 00 4C 00 41 00 4E 00 00 00 04 00 00 00 01 04 00 .L.A.N.. ........ > [050] 00 00 00 00 05 15 00 00 00 5D D2 02 B1 47 78 35 ........ .]...Gx5 > [060] 35 08 32 9A FE 00 00 00 00 5.2..... . >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 100 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x64 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 10 of length 104 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=640 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. > [010] 00 . >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBntcreateX (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2006/06/20 18:19:34, 4] smbd/nttrans.c:nt_open_pipe(325) > nt_open_pipe: Opening pipe \winreg. >[2006/06/20 18:19:34, 3] smbd/nttrans.c:nt_open_pipe(346) > nt_open_pipe: Known pipe winreg opening. >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested winreg (pipes_open=1) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name lsarpc pnum=7153 >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested winreg >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe winreg >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe winreg >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe winreg (pipes_open=1) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe winreg with handle 7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name winreg pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7153 >[2006/06/20 18:19:34, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) > do_ntcreate_pipe_open: open pipe = \winreg >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=640 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=21504 (0x5400) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 136 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x88 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 11 of length 140 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=704 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29012 (0x7154) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. > [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBwriteX (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7154 name: winreg open: Yes len: 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) > api_pipe_bind_req: decode request. 1520 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 num_contexts: 01 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c context_id : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e num_transfer_syntaxes: 01 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data : 338cd001 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 data : 2244 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 data : 31f1 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 data : aa aa >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a data : 90 00 38 00 10 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 version: 00000001 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 data : 8a885d04 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0028 data : 1ceb >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a data : 11c9 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002c data : 9f e8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002e data : 08 00 2b 10 48 60 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 version: 00000002 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) > api_pipe_bind_req: make response. 1573 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:check_bind_req(982) > check_bind_req for \PIPE\winreg >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\samr >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\NETLOGON >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\srvsvc >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\wkssvc >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\winreg >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 000053f0 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 len: 000d >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000a str: \PIPE\winreg. >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000017 smb_io_rpc_results >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_results: 01 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c result : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e reason : 0000 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 8a885d04 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1ceb >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11c9 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9f e8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 08 00 2b 10 48 60 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000002 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 56 >[2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_write_and_X(217) > writeX-IPC pnum=7154 nwritten=72 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=704 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 59 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x3b >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 12 of length 63 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29012 (0x7154) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBreadX (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7154 name: winreg len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_read_and_X(262) > readX-IPC pnum=7154 min=1024 max=1024 nread=68 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 120 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x78 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 13 of length 124 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=832 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29012 (0x7154) > smb_bcc=53 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [020] 00 0C 00 00 00 00 00 02 00 08 F5 14 01 38 BC 01 ........ .....8.. > [030] 00 00 00 00 02 ..... >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=36 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7154) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7154 name: winreg open: Yes len: 36 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 36 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 20 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 20 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 0000000c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0002 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 70 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\winreg >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[3].fn == 0x815bc93 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_open_hive >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: 0114f508 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 server: bc38 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 access: 02000000 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 10] registry/reg_db.c:regdb_open(265) > regdb_open: refcount reset (1) >[2006/06/20 18:19:34, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM] >[2006/06/20 18:19:34, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM] >[2006/06/20 18:19:34, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM] >[2006/06/20 18:19:34, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2006/06/20 18:19:34, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-22-1-0. >[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_open_hive >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000002 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 16 20 98 44 45 41 00 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called winreg successfully >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 510 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 20 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7154 name: winreg len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=832 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 16 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... > [030] 00 . >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 268 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x10c >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 14 of length 272 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=896 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 184 (0xB8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 184 (0xB8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29012 (0x7154) > smb_bcc=201 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........ > [020] 00 A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 6E 00 6E ...... . DEA..n.n > [040] 00 30 7A E1 76 37 00 00 00 00 00 00 00 37 00 00 .0z.v7.. .....7.. > [050] 00 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 .S.y.s.t .e.m.\.C > [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o > [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t > [080] 00 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 .\.s.e.r .v.i.c.e > [090] 00 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 .s.\.N.e .t.l.o.g > [0A0] 00 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D .o.n.\.p .a.r.a.m > [0B0] 00 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 62 .e.t.e.r .s.\...b > [0C0] F5 00 00 00 00 19 00 02 00 ........ . >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=184 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7154) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7154 name: winreg open: Yes len: 184 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 184 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 168 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 00b8 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 168 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 168, incoming data = 168 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 000000a0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 000f >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\winreg >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[1].fn == 0x815bf39 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_open_entry >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000002 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 16 20 98 44 45 41 00 00 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 prs_unistr4 name >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 length: 006e >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size: 006e >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 ptr: 76e17a30 >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 name >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_max_len: 00000037 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_str_len: 00000037 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0098 unknown_0 : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c access: 00020019 >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:34, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (1) >[2006/06/20 18:19:34, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:19:34, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] >[2006/06/20 18:19:34, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] >[2006/06/20 18:19:34, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2006/06/20 18:19:34, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00020019, for NT token with 6 entries and first sid S-1-22-1-0. >[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019 >[2006/06/20 18:19:34, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (20019) granted. >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_open_entry >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd handle >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000003 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 16 20 98 44 45 41 00 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called winreg successfully >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 634 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 168 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7154 name: winreg len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=896 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ > [020] 00 00 00 00 00 16 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... > [030] 00 . >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 232 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xe8 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 15 of length 236 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=960 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 148 (0x94) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 148 (0x94) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29012 (0x7154) > smb_bcc=165 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 ........ ........ > [020] 00 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 .|...... ........ > [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 2A 00 2A ...... . DEA..*.* > [040] 00 04 7A E1 76 15 00 00 00 00 00 00 00 15 00 00 ..z.v... ........ > [050] 00 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 .R.e.f.u .s.e.P.a > [060] 00 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 .s.s.w.o .r.d.C.h > [070] 00 61 00 6E 00 67 00 65 00 00 00 53 00 64 F5 14 .a.n.g.e ...S.d.. > [080] 01 94 F5 14 01 94 F5 14 01 04 00 00 00 00 00 00 ........ ........ > [090] 00 00 00 00 00 5C F5 14 01 04 00 00 00 54 F5 14 .....\.. .....T.. > [0A0] 01 00 00 00 00 ..... >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=148 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7154) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7154 name: winreg open: Yes len: 148 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 148 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 132 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0094 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 132 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 132, incoming data = 132 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 0000007c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0011 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\winreg >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[10].fn == 0x815c025 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_query_value >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000003 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 16 20 98 44 45 41 00 00 >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 prs_unistr4 name >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 length: 002a >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size: 002a >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 ptr: 76e17a04 >[2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 name >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_max_len: 00000015 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_str_len: 00000015 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 ptr_reserved: 0114f564 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_buf: 0114f594 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c ptr_bufsize: 0114f594 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 bufsize: 00000004 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buf_unk: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 unk1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c ptr_buflen: 0114f55c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 buflen: 00000004 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 ptr_buflen2: 0114f554 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buflen2: 00000000 >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:34, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) > _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:19:34, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) > _reg_info: policy key type = [00000000] >[2006/06/20 18:19:34, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) > _reg_info: looking up value: [RefusePasswordChange] >[2006/06/20 18:19:34, 8] registry/reg_frontend.c:fetch_reg_values_specific(283) > fetch_reg_values_specific: Initializing cache of values for [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:19:34, 10] registry/reg_db.c:regdb_fetch_values(563) > regdb_fetch_values: Looking for value of key [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:19:34, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: refuse machine password change, val: 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) > _reg_info: Testing value [RefusePasswordChange] >[2006/06/20 18:19:34, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) > _reg_info: Found match for value [RefusePasswordChange] >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_query_value >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: f000baaa >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 type: 00000004 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 ptr: f000baaa >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000c smb_io_regval_buffer value >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c buf_max_len: 00000004 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 offset : 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 buf_len : 00000004 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0018 buffer : .... >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c ptr: f000baaa >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 buf_max_len: 00000004 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 ptr: f000baaa >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 buf_len: 00000004 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_werror(824) > 002c status: WERR_OK >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called winreg successfully >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 90 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 132 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7154 name: winreg len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000030 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..72] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=960 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H...... > [010] 00 30 00 00 00 00 00 00 00 AA BA 00 F0 04 00 00 .0...... ........ > [020] 00 AA BA 00 F0 04 00 00 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 AA BA 00 F0 04 00 00 00 AA BA 00 ........ ........ > [040] F0 04 00 00 00 00 00 00 00 ........ . >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x80 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 16 of length 132 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29012 (0x7154) > smb_bcc=61 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 ........ ........ > [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 ...... . DEA.. >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7154) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7154 name: winreg open: Yes len: 44 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0005 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\winreg >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[0].fn == 0x815bb9c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_close >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000003 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 16 20 98 44 45 41 00 00 >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:34, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/06/20 18:19:34, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (1) >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_close >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called winreg successfully >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7154 name: winreg len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x80 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 17 of length 132 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29012 (0x7154) > smb_bcc=61 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 ...... . DEA.. >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7154) >[2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7154 name: winreg open: Yes len: 44 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0005 >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\winreg >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[0].fn == 0x815bb9c >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_close >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000002 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 16 20 98 44 45 41 00 00 >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:34, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/06/20 18:19:34, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (0) >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_close >[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called winreg successfully >[2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7154 name: winreg len: 1024 >[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 41 >[2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x29 >[2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) > Transaction 18 of length 45 >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1152 > smt_wct=3 > smb_vwv[ 0]=29012 (0x7154) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) > switch message SMBclose (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7154 >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7154 (pipes_open=2) >[2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:34, 5] smbd/pipes.c:reply_pipe_close(282) > reply_pipe_close: pnum:7154 >[2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe winreg >[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) > closed pipe name winreg pnum=7154 (pipes_open=1) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1152 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x60 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 19 of length 100 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1216 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBntcreateX (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2006/06/20 18:19:35, 4] smbd/nttrans.c:nt_open_pipe(325) > nt_open_pipe: Opening pipe \samr. >[2006/06/20 18:19:35, 3] smbd/nttrans.c:nt_open_pipe(346) > nt_open_pipe: Known pipe samr opening. >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested samr (pipes_open=1) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name lsarpc pnum=7153 >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested samr >[2006/06/20 18:19:35, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 2 for pipe samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe samr (pipes_open=1) >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe samr with handle 7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name samr pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7153 >[2006/06/20 18:19:35, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) > do_ntcreate_pipe_open: open pipe = \samr >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1216 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=21760 (0x5500) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 136 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x88 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 20 of length 140 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1280 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29013 (0x7155) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBwriteX (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 72 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) > api_pipe_bind_req: decode request. 1520 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 num_contexts: 01 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c context_id : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e num_transfer_syntaxes: 01 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data : 12345778 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 data : 1234 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 data : abcd >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 data : ef 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a data : 01 23 45 67 89 ac >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 version: 00000001 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 data : 8a885d04 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0028 data : 1ceb >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a data : 11c9 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002c data : 9f e8 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002e data : 08 00 2b 10 48 60 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 version: 00000002 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) > api_pipe_bind_req: make response. 1573 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe.c:check_bind_req(982) > check_bind_req for \PIPE\samr >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\lsarpc >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe.c:check_bind_req(987) > checking \PIPE\samr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 000053f0 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 len: 000c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000a str: \PIPE\lsass. >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_results: 01 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c result : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e reason : 0000 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 8a885d04 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1ceb >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11c9 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9f e8 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 08 00 2b 10 48 60 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000002 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 56 >[2006/06/20 18:19:35, 3] smbd/pipes.c:reply_pipe_write_and_X(217) > writeX-IPC pnum=7155 nwritten=72 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1280 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 59 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x3b >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 21 of length 63 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29013 (0x7155) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBreadX (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2006/06/20 18:19:35, 3] smbd/pipes.c:reply_pipe_read_and_X(262) > readX-IPC pnum=7155 min=1024 max=1024 nread=68 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 164 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xa4 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 22 of length 168 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1408 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=97 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 01 00 00 ........ .P...... > [020] 00 38 00 00 00 00 00 40 00 D0 FA 09 00 09 00 00 .8.....@ ........ > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E > [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 30 00 00 .R.V.E.R .....0.. > [050] 00 01 00 00 00 01 00 00 00 03 00 00 00 00 00 00 ........ ........ > [060] 00 . >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=80 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 80 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 80 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 64 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0050 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 64 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000038 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0040 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 68 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x40 - api_rpcTNP: rpc command: SAMR_CONNECT5 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[49].fn == 0x819f978 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_connect5 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr_srv_name: 0009fad0 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 00000009 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 00000009 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.S.E.R.V.E.R... >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 access_mask: 00000030 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 level: 00000001 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c level: 00000001 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 info1_unk1: 00000003 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 info1_unk2: 00000000 >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_connect5(2724) > _samr_connect5: 2724 >[2006/06/20 18:19:35, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000030, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-1001 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 30 >[2006/06/20 18:19:35, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (30) granted. >[2006/06/20 18:19:35, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) > _samr_connect5: access GRANTED (requested: 0x00000030, granted: 0x00000030) >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(316) > get_samr_info_by_sid: created new info for sid (NULL) >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(321) > get_samr_info_by_sid: created new info for NULL sid. >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_connect5(2756) > _samr_connect: 2756 >[2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_samr_r_connect5(7140) > init_samr_q_connect5 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_connect5 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 level: 00000001 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 level: 00000001 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 info1_unk1: 00000003 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c info1_unk2: 00000000 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_pol_hnd connect_pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 data2: 00000004 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0024 status: NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 974 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 64 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 40. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0040 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000028 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..64] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1408 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 64 (0x40) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=65 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 40 00 00 00 01 00 00 ........ .@...... > [010] 00 28 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .(...... ........ > [020] 00 03 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... > [040] 00 . >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 136 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x88 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 23 of length 140 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1472 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=69 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 02 00 00 ........ .4...... > [020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... > [040] 00 00 20 00 00 .. .. >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=52 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 52 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 52 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 36 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0034 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 36 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 0000001c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0006 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[3].fn == 0x819fcce >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_enum_domains >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000004 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 start_idx: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 max_size : 00002000 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) > _samr_enum_domains: access check ((granted: 0x00000030; required: 0x00000010) >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2817) > make_enum_domains >[2006/06/20 18:19:35, 10] rpc_parse/parse_samr.c:init_sam_entry(1409) > init_sam_entry: 0 >[2006/06/20 18:19:35, 10] rpc_parse/parse_samr.c:init_sam_entry(1409) > init_sam_entry: 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3291) > init_samr_r_enum_domains >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_enum_domains >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 next_idx : 00000002 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_entries1: 00000001 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 num_entries2: 00000002 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c ptr_entries2: 00000001 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 num_entries3: 00000002 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 sam_io_sam_entry dom[0] >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 rid: 00000000 >[2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_unihdr unihdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 uni_str_len: 000e >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001a uni_max_len: 000e >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c buffer : 00000001 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sam_io_sam_entry dom[1] >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 rid: 00000000 >[2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unihdr unihdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 uni_str_len: 000e >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 uni_max_len: 000e >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 buffer : 00000001 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00002c smb_io_unistr2 dom[0] >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_max_len: 00000007 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 offset : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 uni_str_len: 00000007 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0038 buffer : A.N.D.O.L.A.N. >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000046 smb_io_unistr2 dom[1] >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 uni_max_len: 00000007 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c offset : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 uni_str_len: 00000007 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0054 buffer : B.u.i.l.t.i.n. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 num_entries4: 00000002 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0068 status: NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 88 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 36 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 108. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0084 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000006c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..132] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=188 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1472 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 132 (0x84) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 132 (0x84) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=133 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 84 00 00 00 02 00 00 ........ ........ > [010] 00 6C 00 00 00 00 00 00 00 02 00 00 00 01 00 00 .l...... ........ > [020] 00 02 00 00 00 01 00 00 00 02 00 00 00 00 00 00 ........ ........ > [030] 00 0E 00 0E 00 01 00 00 00 00 00 00 00 0E 00 0E ........ ........ > [040] 00 01 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [050] 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 00 .A.N.D.O .L.A.N.. > [060] 00 07 00 00 00 00 00 00 00 07 00 00 00 42 00 75 ........ .....B.u > [070] 00 69 00 6C 00 74 00 69 00 6E 00 00 00 02 00 00 .i.l.t.i .n...... > [080] 00 00 00 00 00 ..... >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 162 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xa2 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 24 of length 166 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=162 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1536 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 78 (0x4E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 78 (0x4E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=95 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4E 00 00 00 03 00 00 ........ .N...... > [020] 00 36 00 00 00 00 00 05 00 00 00 00 00 04 00 00 .6...... ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 0E 00 0E ...... . DEA..... > [040] 00 B8 B7 B0 02 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [050] 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 .A.N.D.O .L.A.N. >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=78 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 78 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 78 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 78 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 78, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 62 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 62 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 004e >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 62 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 62, incoming data = 62 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000036 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0005 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[41].fn == 0x819fb10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_lookup_domain >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd connect_pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000004 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unihdr hdr_domain >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 uni_str_len: 000e >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 uni_max_len: 000e >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 buffer : 02b0b7b8 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 uni_domain >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_max_len: 00000007 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_str_len: 00000007 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0028 buffer : A.N.D.O.L.A.N. >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) > _samr_lookup_domain: access check ((granted: 0x00000030; required: 0x00000020) >[2006/06/20 18:19:35, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2799) > Returning domain sid for domain ANDOLAN -> S-1-5-21-2969752157-892696647-4271518216 >[2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(136) > init_samr_r_lookup_domain >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_lookup_domain >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: 00000001 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_dom_sid2 sid >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 num_auths: 00000004 >[2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_dom_sid sid >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 sid_rev_num: 01 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0009 num_auths : 04 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000a id_auth[0] : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000b id_auth[1] : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000c id_auth[2] : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000d id_auth[3] : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e id_auth[4] : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000f id_auth[5] : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0010 sub_auths : 00000015 b102d25d 35357847 fe9a3208 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0020 status: NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 14 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 62 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 003c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000024 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..60] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1536 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 03 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 04 00 00 .$...... ........ > [020] 00 01 04 00 00 00 00 00 05 15 00 00 00 5D D2 02 ........ .....].. > [030] B1 47 78 35 35 08 32 9A FE 00 00 00 00 .Gx55.2. ..... >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 160 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xa0 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 25 of length 164 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1600 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=93 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 04 00 00 ........ .L...... > [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 04 00 00 .4...... ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 11 02 00 ...... . DEA..... > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 5D D2 02 B1 47 78 35 35 08 32 9A FE .]...Gx5 5.2.. >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=76 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 76 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 76 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 60 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 004c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 60 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000034 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0007 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[39].fn == 0x819d6ac >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_open_domain >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000004 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 flags: 00000211 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_dom_sid2 sid >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 num_auths: 00000004 >[2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_dom_sid sid >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001c sid_rev_num: 01 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001d num_auths : 04 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e id_auth[0] : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001f id_auth[1] : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0020 id_auth[2] : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0021 id_auth[3] : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0022 id_auth[4] : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0023 id_auth[5] : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0024 sub_auths : 00000015 b102d25d 35357847 fe9a3208 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) > _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) >[2006/06/20 18:19:35, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(179) > access_check_samr_object: user rights access mask [0xd047a] >[2006/06/20 18:19:35, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000201, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-1001 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 201 >[2006/06/20 18:19:35, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (201) granted. >[2006/06/20 18:19:35, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) > _samr_open_domain: access GRANTED (requested: 0x00000201, granted: 0x000d067b) >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(316) > get_samr_info_by_sid: created new info for sid S-1-5-21-2969752157-892696647-4271518216 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[3] [000] 00 00 00 00 05 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(625) > samr_open_domain: 625 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_open_domain >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000005 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 956 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 60 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1600 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ........ ........ > [020] 00 00 00 00 00 17 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... > [030] 00 . >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 168 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0xa8 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 26 of length 172 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1664 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 84 (0x54) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 84 (0x54) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=101 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 54 00 00 00 05 00 00 ........ .T...... > [020] 00 3C 00 00 00 00 00 32 00 00 00 00 00 05 00 00 .<.....2 ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 0C 00 0E ...... . DEA..... > [040] 00 70 86 16 00 07 00 00 00 00 00 00 00 06 00 00 .p...... ........ > [050] 00 57 00 53 00 30 00 33 00 35 00 24 00 80 00 00 .W.S.0.3 .5.$.... > [060] 00 B0 00 05 E0 ..... >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=84 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 84 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 84 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 84 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 84, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 68 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 68 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0054 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 68 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 68, incoming data = 68 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 0000003c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0032 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATE_USER >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[33].fn == 0x819f105 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_create_user >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000005 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unihdr hdr_name >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 uni_str_len: 000c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 uni_max_len: 000e >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 buffer : 00168670 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 uni_name >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_max_len: 00000007 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_str_len: 00000006 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0028 buffer : W.S.0.3.5.$. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 acb_info : 00000080 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 access_mask: e00500b0 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) > _samr_create_user: access check ((granted: 0x000d067b; required: 0x00000010) >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:can_create(2389) > Checking whether [ws035$] can be created >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 10] passdb/util_wellknown.c:lookup_wellknown_name(154) > map_name_to_wellknown_sid: looking up ws035$ >[2006/06/20 18:19:35, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) > secrets_fetch failed! >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=ws035$)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396) > ldapsam_getsampwnam: Unable to locate user [ws035$] count=0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=ws035$)(cn=ws035$)))], scope => [2] >[2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:can_create(2399) > ws035$ does not exist, can create it >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2503) > _samr_create_user: can add this account : True >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user ws035$ >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is ws035$ >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WS035$ >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in ws035$ >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [ws035$]! >[2006/06/20 18:19:35, 3] passdb/pdb_interface.c:pdb_default_create_user(363) > _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w ws035$' gave 0 >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user ws035$ >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is ws035$ >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals did find user [ws035$]! >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username ws035$, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) > pdb_set_full_name: setting full name Computer, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_domain(607) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10002))], scope => [2] >[2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_group_from_ldap(2115) > init_group_from_ldap: Entry found for group: 10002 >[2006/06/20 18:19:35, 10] passdb/lookup_sid.c:gid_to_sid(1128) > gid_to_sid: local 10002 -> S-1-5-21-2969752157-892696647-4271518216-201017 >[2006/06/20 18:19:35, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) > store_gid_sid_cache: gid 10002 in cache -> S-1-5-21-2969752157-892696647-4271518216-201017 >[2006/06/20 18:19:35, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) > fetch gid from cache 10002 -> S-1-5-21-2969752157-892696647-4271518216-201017 >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_group_sid(564) > pdb_set_group_sid: setting group sid S-1-5-21-2969752157-892696647-4271518216-201017 >[2006/06/20 18:19:35, 2] lib/smbldap_util.c:smbldap_search_domain_info(219) > smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ANDOLAN))] >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(objectClass=sambaDomain)(sambaDomainName=ANDOLAN))], scope => [2] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(520) > smbldap_make_mod: deleting attribute |sambaNextRid| values |201024| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |sambaNextRid| value |201025| >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_modify(1363) > smbldap_modify: dn => [sambaDomainName=ANDOLAN,dc=andolan] >[2006/06/20 18:19:35, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1455) > lookup_global_sam_rid: looking up RID 201025. >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) > ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2969752157-892696647-4271518216-201025] count=0 >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025))], scope => [2] >[2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) > ldapsam_getgroup: Did not find group >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=ws035$)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(uid=ws035$)], scope => [2] >[2006/06/20 18:19:35, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1959) > ldapsam_add_sam_account: User exists without samba attributes: adding them >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(504) > smbldap_make_mod: attribute |uid| not changed. >[2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965) > init_ldap_from_sam: Setting entry for user: ws035$ >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaSID] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |sambaSID| value |S-1-5-21-2969752157-892696647-4271518216-201025| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPrimaryGroupSID] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |sambaPrimaryGroupSID| value |S-1-5-21-2969752157-892696647-4271518216-201017| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(504) > smbldap_make_mod: attribute |displayName| not changed. >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |sambaAcctFlags| value |[DW ]| >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_modify(1363) > smbldap_modify: dn => [uid=ws035$,ou=Computers,dc=andolan] >[2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(2069) > ldapsam_add_sam_account: added: uid == ws035$ in the LDAP database >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(179) > access_check_samr_object: user rights access mask [0xd04e4] >[2006/06/20 18:19:35, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x0002031b, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-1001 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 2035b, current desired = 2031b >[2006/06/20 18:19:35, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2031b) granted. >[2006/06/20 18:19:35, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) > _samr_create_user: access GRANTED (requested: 0x0002031b, granted: 0x000f07ff) >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(316) > get_samr_info_by_sid: created new info for sid S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:get_samr_dispinfo_by_sid(262) > get_samr_dispinfo_by_sid: Replacing S-1-5-21-2969752157-892696647-4271518216-201025 with our domain SID >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[4] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_create_user >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd user_pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000006 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 access_granted: 000f07ff >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 user_rid : 00031141 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 001c status: NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 1201 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 68 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0038 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000020 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..56] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1664 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 05 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 06 00 00 . ...... ........ > [020] 00 00 00 00 00 17 20 98 44 45 41 00 00 FF 07 0F ...... . DEA..... > [030] 00 41 11 03 00 00 00 00 00 .A...... . >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 130 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x82 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 27 of length 134 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1728 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=63 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 06 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 24 00 00 00 00 00 06 00 00 .......$ ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 10 00 ...... . DEA.... >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=46 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 46 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 46 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002e >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000006 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000016 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0024 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x24 - api_rpcTNP: rpc command: SAMR_QUERY_USERINFO >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[21].fn == 0x819ec0a >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_query_userinfo >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000006 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 switch_value: 0010 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(1986) > _samr_query_userinfo: sid:S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(1997) > _samr_query_userinfo: user info level: 16 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) > init_sam_from_ldap: Entry found for user: ws035$ >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username ws035$, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_domain(607) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) > pdb_set_nt_username: setting nt username ws035$, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) > pdb_set_full_name: setting full name Computer, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) > pdb_set_dir_drive: setting dir drive N:, was NULL >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) > pdb_set_homedir: setting home dir \\server\datamap, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) > pdb_set_logon_script: setting logon script logon.cmd, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) > pdb_set_profile_path: setting profile path \\server\tempprof, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user ws035$ >[2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2006/06/20 18:19:35, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) > No cache entry, bad count = 0, bad time = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 3] rpc_server/srv_samr_nt.c:get_user_info_16(1832) > User:[ws035$] >[2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_sam_user_info16(5437) > init_sam_user_info16 >[2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_samr_r_query_userinfo(6759) > init_samr_r_query_userinfo >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(2057) > _samr_query_userinfo: 2057 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_query_userinfo >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: 00000001 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 samr_io_userinfo_ctr ctr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 switch_value: 0010 >[2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000008 samr_io_r_user_info16 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 acb_info: 00000081 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 000c status: NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 12 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 30 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0028 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000006 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000010 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..40] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1728 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 06 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 01 00 00 00 10 00 00 ........ ........ > [020] 00 81 00 00 00 00 00 00 00 ........ . >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x80 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 28 of length 132 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1792 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=61 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 07 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 2C 00 00 00 00 00 06 00 00 ......., ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 ...... . DEA.. >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000007 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 002c >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x2c - api_rpcTNP: rpc command: SAMR_GET_USRDOM_PWINFO >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[44].fn == 0x819d86a >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_get_usrdom_pwinfo >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd user_pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000006 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_samr_r_get_usrdom_pwinfo(345) > init_samr_r_get_usrdom_pwinfo >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_get_usrdom_pwinfo(649) > _samr_get_usrdom_pwinfo: 649 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_get_usrdom_pwinfo >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 min_pwd_length: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 unknown_1: 0015 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 password_properties: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0008 status : NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000007 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000000c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1792 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 00 00 15 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 ..... >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 884 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x374 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 29 of length 888 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=884 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1856 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 800 (0x320) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 800 (0x320) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=817 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 20 03 00 00 08 00 00 ........ . ...... > [020] 00 08 03 00 00 00 00 3A 00 00 00 00 00 06 00 00 .......: ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 19 00 19 ...... . DEA..... > [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [070] 00 00 00 00 00 00 00 00 00 0C 00 0E 00 70 86 16 ........ .....p.. > [080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E0] 00 00 00 00 00 00 00 00 00 80 00 00 00 02 00 10 ........ ........ > [0F0] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [100] 00 00 00 00 00 1C 3C E4 88 ED C9 9F DA 7D 16 1A ......<. .....}.. > [110] D5 C3 D6 55 CF 5B 7C 31 1A 66 07 35 94 DD 3B 6A ...U.[|1 .f.5..;j > [120] 84 40 36 44 3D 2C EE 9C 3D 97 01 69 D3 75 20 49 .@6D=,.. =..i.u I > [130] 64 C4 77 E6 F3 EE C6 FB 11 59 5D 8C 43 B4 62 BE d.w..... .Y].C.b. > [140] B9 59 93 BA 12 A1 AF 7C 1A F2 6F F4 75 B6 24 F3 .Y.....| ..o.u.$. > [150] 25 0F AD E1 CA A9 DF 18 77 6E 1A 2C F2 48 B5 FF %....... wn.,.H.. > [160] E6 52 C7 E3 22 A8 CE C8 9C 5B EA 3F B9 D4 E4 40 .R.."... .[.?...@ > [170] A6 EB 14 97 F5 F7 52 22 5A E4 46 42 B4 48 45 26 ......R" Z.FB.HE& > [180] EC 38 33 DB F0 81 B8 10 BB 24 93 84 28 78 38 0B .83..... .$..(x8. > [190] 89 8F 04 C0 A9 09 7B F2 42 3B 67 28 39 3F C5 F5 ......{. B;g(9?.. > [1A0] B1 7B 87 BB 8C DD 8A 0D 16 E0 DD C4 6B 4A 0F 71 .{...... ....kJ.q > [1B0] C5 0A 29 FC 11 38 EB 9A 1D 56 0C 24 11 FA 83 F9 ..)..8.. .V.$.... > [1C0] 90 D0 6F 14 8D 79 2B 6F 82 17 8D 4C D9 A6 C1 E7 ..o..y+o ...L.... > [1D0] 16 3F 39 85 40 C0 3B AE BB 55 D9 5E BB 8D 87 FC .?9.@.;. .U.^.... > [1E0] 7E C8 7A DC 88 D7 57 2A 4E AF F1 9E D3 DC 56 73 ~.z...W* N.....Vs > [1F0] 68 92 FD 00 12 FF 07 75 BE A8 1E 5B 15 02 0F 13 h......u ...[.... >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=800 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 800 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 800 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 800 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 800, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 784 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 784 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0320 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000008 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 784 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 784, incoming data = 784 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000308 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 003a >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[22].fn == 0x81a002b >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_set_userinfo >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000006 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 switch_value: 0019 >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 samr_io_userinfo_ctr ctr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 switch_value: 0019 >[2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 sam_io_user_info25 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time logon_time >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time logoff_time >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time kickoff_time >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time pass_last_set_time >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_time pass_can_change_time >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 low : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c high: 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_time pass_must_change_time >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 low : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 high: 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_user_name >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_full_name >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 000c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 000e >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00168670 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_unihdr hdr_logon_script >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 uni_str_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a uni_max_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c buffer : 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr hdr_profile_path >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000078 smb_io_unihdr hdr_acct_desc >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0078 uni_str_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007a uni_max_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c buffer : 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000080 smb_io_unihdr hdr_workstations >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0080 uni_str_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0082 uni_max_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 buffer : 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000088 smb_io_unihdr hdr_unknown_str >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0088 uni_str_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008a uni_max_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 008c buffer : 00000000 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_munged_dial >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0098 lm_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a8 nt_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 user_rid : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc group_rid : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 acb_info : 00000080 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 fields_present : 01100002 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 00c8 unknown_5 : 00000000 00000000 00000000 00000000 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00dc password : 1c 3c e4 88 ed c9 9f da 7d 16 1a d5 c3 d6 55 cf 5b 7c 31 1a 66 07 35 94 dd 3b 6a 84 40 36 44 3d 2c ee 9c 3d 97 01 69 d3 75 20 49 64 c4 77 e6 f3 ee c6 fb 11 59 5d 8c 43 b4 62 be b9 59 93 ba 12 a1 af 7c 1a f2 6f f4 75 b6 24 f3 25 0f ad e1 ca a9 df 18 77 6e 1a 2c f2 48 b5 ff e6 52 c7 e3 22 a8 ce c8 9c 5b ea 3f b9 d4 e4 40 a6 eb 14 97 f5 f7 52 22 5a e4 46 42 b4 48 45 26 ec 38 33 db f0 81 b8 10 bb 24 93 84 28 78 38 0b 89 8f 04 c0 a9 09 7b f2 42 3b 67 28 39 3f c5 f5 b1 7b 87 bb 8c dd 8a 0d 16 e0 dd c4 6b 4a 0f 71 c5 0a 29 fc 11 38 eb 9a 1d 56 0c 24 11 fa 83 f9 90 d0 6f 14 8d 79 2b 6f 82 17 8d 4c d9 a6 c1 e7 16 3f 39 85 40 c0 3b ae bb 55 d9 5e bb 8d 87 fc 7e c8 7a dc 88 d7 57 2a 4e af f1 9e d3 dc 56 73 68 92 fd 00 12 ff 07 75 be a8 1e 5b 15 02 0f 13 31 02 02 be 45 18 74 db d5 ed b8 5b d6 1d f8 e4 d6 67 56 e6 b3 e7 07 97 37 10 86 42 dd 24 85 75 2a 1d 98 9e ea c5 af 2b de e7 6d 97 17 ad 77 94 b1 b6 6e a2 c5 bc 41 81 f7 fc 7a db ef c1 a6 dd 22 05 d8 61 9c 1b 87 ec 58 e8 8b fa 76 35 1 +> > 7 d7 c3 cc 65 e7 92 85 8b 31 5a 50 b8 44 59 00 bf 57 84 0f 96 8f 83 6a 89 d8 82 21 4b cf b5 42 6d 08 41 20 24 72 aa cb a0 47 58 d3 0f 09 33 bf 83 68 0b c4 aa 42 ae ec d2 36 6b 4f e3 d8 3f 01 c2 0c 79 5f 2c c7 a5 ea b0 e8 7e af 9b 6a 83 6c 6b 86 23 08 77 7b 18 4d 32 2b fb 98 ed 39 36 b2 d4 62 63 88 04 d1 52 72 42 c6 e9 b1 7d ea ff fe 28 95 14 af b8 11 b2 aa bb 96 93 62 41 01 8a f3 a6 ff b4 a0 1b 81 f3 91 fc 67 de de 54 7a 6d 6e 24 be 71 a8 78 4b 68 4c 58 e2 6d 49 ed c0 12 10 82 a1 85 57 76 08 33 34 a6 28 78 6d 8f 5e 21 d3 a1 20 75 67 8d 41 b3 55 a3 4d 2f 00 2f f7 99 f1 08 93 82 89 7b 46 6d e5 37 f5 99 >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 0002f0 smb_io_unistr2 - NULL uni_user_name >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 0002f0 smb_io_unistr2 uni_full_name >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 02f0 uni_max_len: 00000007 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 02f4 offset : 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 02f8 uni_str_len: 00000006 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 02fc buffer : W.S.0.3.5.$. >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000308 smb_io_unistr2 - NULL uni_home_dir >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000308 smb_io_unistr2 - NULL uni_dir_drive >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000308 smb_io_unistr2 - NULL uni_logon_script >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000308 smb_io_unistr2 - NULL uni_profile_path >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000308 smb_io_unistr2 - NULL uni_acct_desc >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000308 smb_io_unistr2 - NULL uni_workstations >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000308 smb_io_unistr2 - NULL uni_unknown_str >[2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000308 smb_io_unistr2 - NULL uni_munged_dial >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3367) > _samr_set_userinfo: 3367 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) > _samr_set_userinfo: access check ((granted: 0x000f07ff; required: 0x000000b0) >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3383) > _samr_set_userinfo: sid:S-1-5-21-2969752157-892696647-4271518216-201025, level:25 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) > init_sam_from_ldap: Entry found for user: ws035$ >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username ws035$, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_domain(607) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) > pdb_set_nt_username: setting nt username ws035$, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) > pdb_set_full_name: setting full name Computer, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) > pdb_set_dir_drive: setting dir drive N:, was NULL >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) > pdb_set_homedir: setting home dir \\server\datamap, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) > pdb_set_logon_script: setting logon script logon.cmd, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) > pdb_set_profile_path: setting profile path \\server\tempprof, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user ws035$ >[2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2006/06/20 18:19:35, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) > No cache entry, bad count = 0, bad time = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3417) > _samr_set_userinfo: does possess sufficient rights >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_util.c:copy_id25_to_sam_passwd(627) > INFO_25 UNI_FULL_NAME: Computer -> WS035$ >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) > pdb_set_full_name: setting full name WS035$, was Computer >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_util.c:copy_id25_to_sam_passwd(729) > INFO_25 ACCT_CTRL: 00000081 -> 00000080 >[2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1777) > ldapsam_update_sam_account: user ws035$ to be modified has dn: uid=ws035$,ou=Computers,dc=andolan >[2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965) > init_ldap_from_sam: Setting entry for user: ws035$ >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(520) > smbldap_make_mod: deleting attribute |displayName| values |Computer| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |displayName| value |WS035$| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(520) > smbldap_make_mod: deleting attribute |sambaAcctFlags| values |[DW ]| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W ]| >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_modify(1363) > smbldap_modify: dn => [uid=ws035$,ou=Computers,dc=andolan] >[2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1804) > ldapsam_update_sam_account: successfully modified uid = ws035$ in the LDAP database >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(3252) > Attempting administrator password change for user ws035$ >[2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: maximum password age, val: 1814400 >[2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: minimum password age, val: 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(3272) > Changing trust account or non-unix-user password, not updating /etc/passwd >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(3290) > set_user_info_pw: pdb_update_pwd() >[2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1777) > ldapsam_update_sam_account: user ws035$ to be modified has dn: uid=ws035$,ou=Computers,dc=andolan >[2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965) > init_ldap_from_sam: Setting entry for user: ws035$ >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(520) > smbldap_make_mod: deleting attribute |displayName| values |Computer| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |displayName| value |WS035$| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1150820375| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |sambaPwdMustChange| value |1152634775| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |sambaNTPassword| value |1DE5BEC007730E75346B57BD95939A14| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1150820375| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(520) > smbldap_make_mod: deleting attribute |sambaAcctFlags| values |[DW ]| >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) > smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W ]| >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_modify(1363) > smbldap_modify: dn => [uid=ws035$,ou=Computers,dc=andolan] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_modify(1377) > Failed to modify dn: uid=ws035$,ou=Computers,dc=andolan, error: No such attribute (modify/delete: displayName: no such value) >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_set_userinfo >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0000 status: NT_STATUS_ACCESS_DENIED >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 910 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 784 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 001c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000008 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000004 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..28] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1856 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 08 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 22 00 00 C0 ........ ."... >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x80 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 30 of length 132 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1920 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=61 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 09 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 23 00 00 00 00 00 06 00 00 .......# ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 ...... . DEA.. >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000009 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0023 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x23 - api_rpcTNP: rpc command: SAMR_DELETE_DOM_USER >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[14].fn == 0x81a0ee1 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_delete_dom_user >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd user_pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000006 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(4018) > _samr_delete_dom_user: 4018 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) > _samr_delete_dom_user: access check ((granted: 0x000f07ff; required: 0x00010000) >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) > init_sam_from_ldap: Entry found for user: ws035$ >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username ws035$, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_domain(607) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) > pdb_set_nt_username: setting nt username ws035$, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) > pdb_set_full_name: setting full name WS035$, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) > pdb_set_dir_drive: setting dir drive N:, was NULL >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) > pdb_set_homedir: setting home dir \\server\datamap, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) > pdb_set_logon_script: setting logon script logon.cmd, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) > pdb_set_profile_path: setting profile path \\server\tempprof, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user ws035$ >[2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2006/06/20 18:19:35, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) > No cache entry, bad count = 0, bad time = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1455) > lookup_global_sam_rid: looking up RID 201025. >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) > init_sam_from_ldap: Entry found for user: ws035$ >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username ws035$, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_domain(607) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) > pdb_set_nt_username: setting nt username ws035$, was >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) > pdb_set_full_name: setting full name WS035$, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) > pdb_set_dir_drive: setting dir drive N:, was NULL >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) > pdb_set_homedir: setting home dir \\server\datamap, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) > pdb_set_logon_script: setting logon script logon.cmd, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) > pdb_set_profile_path: setting profile path \\server\tempprof, was >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user ws035$ >[2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2006/06/20 18:19:35, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) > No cache entry, bad count = 0, bad time = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user ws035$ >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is ws035$ >[2006/06/20 18:19:35, 10] lib/util_pw.c:getpwnam_alloc(76) > Got ws035$ from pwnam_cache >[2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals did find user [ws035$]! >[2006/06/20 18:19:35, 10] passdb/lookup_sid.c:sid_to_uid(1206) > sid_to_uid: S-1-5-21-2969752157-892696647-4271518216-201025 -> 10031 >[2006/06/20 18:19:35, 3] passdb/pdb_ldap.c:ldapsam_delete_sam_account(1687) > ldapsam_delete_sam_account: Deleting user ws035$ from LDAP. >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) > smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=ws035$)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_delete(1427) > smbldap_delete: dn => [uid=ws035$,ou=Computers,dc=andolan] >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_delete_dom_user >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000009 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1920 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x80 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 31 of length 132 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1984 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=61 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0A 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 05 00 00 ........ ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 ...... . DEA.. >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000a >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0001 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[0].fn == 0x819d4fc >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_close_hnd >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000005 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:free_samr_cache(342) > free_samr_cache: deleting cache for SID S-1-5-21-2969752157-892696647-4271518216 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(564) > samr_reply_close_hnd: 564 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_close_hnd >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000a >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1984 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x80 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 32 of length 132 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=2048 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29013 (0x7155) > smb_bcc=61 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 ...... . DEA.. >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "samr" (pnum 7155) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x84955e8 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7155 name: samr open: Yes len: 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000b >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0001 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\samr >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[0].fn == 0x819d4fc >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_close_hnd >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000004 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 17 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:free_samr_cache(342) > free_samr_cache: deleting cache for SID S-0-0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(564) > samr_reply_close_hnd: 564 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_close_hnd >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called samr successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7155 name: samr len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000b >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=2048 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 41 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x29 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 33 of length 45 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2112 > smt_wct=3 > smb_vwv[ 0]=29013 (0x7155) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBclose (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7155 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name samr pnum=7155 (pipes_open=2) >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=2) >[2006/06/20 18:19:35, 5] smbd/pipes.c:reply_pipe_close(282) > reply_pipe_close: pnum:7155 >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) > closed pipe name samr pnum=7155 (pipes_open=1) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2112 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x80 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 34 of length 132 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=2176 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29011 (0x7153) > smb_bcc=61 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 ...... . DEA.. >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=1) >[2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7153) >[2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8496d80 max_trans_reply: 1024 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7153 name: lsarpc open: Yes len: 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0000 >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) > Requested \PIPE\lsarpc >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) > api_rpc_cmds[4].fn == 0x81543a7 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_close >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000001 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 16 20 98 44 45 41 00 00 >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D > [010] 45 41 00 00 EA.. >[2006/06/20 18:19:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_close >[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) > api_rpcTNP: called lsarpc successfully >[2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7153 name: lsarpc len: 1024 >[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=2176 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 41 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x29 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 35 of length 45 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2240 > smt_wct=3 > smb_vwv[ 0]=29011 (0x7153) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBclose (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1001 > SID[ 6]: S-1-22-2-0 > SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 1001 and contains 4 supplementary groups > Group[ 0]: 10000 > Group[ 1]: 1001 > Group[ 2]: 0 > Group[ 3]: 10001 >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7153 >[2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7153 (pipes_open=1) >[2006/06/20 18:19:35, 5] smbd/pipes.c:reply_pipe_close(282) > reply_pipe_close: pnum:7153 >[2006/06/20 18:19:35, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) > closed pipe name lsarpc pnum=7153 (pipes_open=0) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2240 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 39 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x27 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 36 of length 43 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=2304 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBulogoffX (pid 16709) conn 0x0 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:35, 3] smbd/reply.c:reply_ulogoffX(1614) > ulogoffX vuid=101 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=2304 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) > got message type 0x0 of len 0x23 >[2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) > Transaction 37 of length 39 >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2368 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) > switch message SMBtdis (pid 16709) conn 0x8497e40 >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:35, 3] smbd/service.c:close_cnum(1136) > ws035 (192.168.68.22) closed connection to service IPC$ >[2006/06/20 18:19:35, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2006/06/20 18:19:35, 4] smbd/vfs.c:vfs_ChDir(741) > vfs_ChDir to / >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) >[2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2368 > smt_wct=0 > smb_bcc=0 >[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) > change_notify_timeout: -1 >[2006/06/20 18:19:35, 10] lib/util_sock.c:read_data(525) > read_data: read of 4 returned 0. Error = Success >[2006/06/20 18:19:35, 10] lib/util_sock.c:receive_smb_raw(672) > receive_smb_raw: length < 0! >[2006/06/20 18:19:35, 3] smbd/process.c:timeout_processing(1361) > timeout_processing: End of file from client (client has disconnected). >[2006/06/20 18:19:35, 5] lib/gencache.c:gencache_shutdown(90) > Closing cache file >[2006/06/20 18:19:35, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:19:35, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:19:35, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2006/06/20 18:19:35, 3] smbd/server.c:exit_server_common(675) > Server exit (normal exit)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 3848
:
1970
| 1971 |
1972