smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:26, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 46 00 00 ........ .0...F.. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/07/17 11:01:26, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 274 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x112 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3140 of length 278 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=274 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=35905 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 190 (0xBE) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 190 (0xBE) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29763 (0x7443) smb_bcc=207 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 BE 00 00 00 67 39 00 ........ .¾...g9. [020] 00 A6 00 00 00 00 00 45 00 28 AD 43 01 15 00 00 .¦.....E .(­C.... [030] 00 00 00 00 00 15 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [040] 00 41 00 44 00 4D 00 31 00 5C 00 53 00 6F 00 52 .A.D.M.1 .\.S.o.R [050] 00 6F 00 2D 00 4C 00 61 00 73 00 65 00 72 00 32 .o.-.L.a .s.e.r.2 [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [070] 00 08 00 00 00 01 00 00 00 01 00 00 00 08 FF 77 ........ ......ÿw [080] 02 1C 00 00 00 20 82 41 01 F4 FC 77 02 93 08 00 ..... .A .ôüw.... [090] 00 03 00 00 00 00 00 00 00 00 00 00 00 08 00 00 ........ ........ [0A0] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0B0] 00 54 00 53 00 32 00 00 00 05 00 00 00 00 00 00 .T.S.2.. ........ [0C0] 00 05 00 00 00 67 00 65 00 68 00 72 00 00 00 .....g.e .h.r... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=190 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7443 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=5) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "spoolss" (pnum 7443) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8049c548 max_trans_reply: 4280 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7443 name: spoolss open: Yes len: 190 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 190 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 190 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 190, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 174 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 174 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 00be [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00003967 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 174 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 174, incoming data = 174 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 000000a6 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0045 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\spoolss [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[1].fn == 0x8011f241 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_q_open_printer_ex [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 0143ad28 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 printername [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000015 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000015 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.B.A.A.D.M.1.\.S.o.R.o.-.L.a.s.e.r.2... [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 00003c spoolss_io_printer_default [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c datatype_ptr: 00000000 [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_unistr2 - NULL datatype [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000040 spoolss_io_devmode_cont [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 size: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 devmode_ptr: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 access_required: 00000008 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c user_switch: 00000001 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000050 spool_io_user_level [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 level: 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 ptr: 0277ff08 [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000058 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 size: 0000001c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c ptr: 01418220 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 ptr: 0277fcf4 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 build: 00000893 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0068 major: 00000003 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c minor: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 processor: 00000000 [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 000074 smb_io_unistr2 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 uni_max_len: 00000008 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c uni_str_len: 00000008 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0080 buffer : \.\.B.A.T.S.2... [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 000090 smb_io_unistr2 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0090 uni_max_len: 00000005 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0094 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0098 uni_str_len: 00000005 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 009c buffer : g.e.h.r... checking name: \\BAADM1\SoRo-Laser2 [2006/07/17 11:01:29, 10] rpc_server/srv_spoolss_nt.c:open_printer_hnd(564) open_printer_hnd: name [\\BAADM1\SoRo-Laser2] [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[10] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(408) Setting printer type=\\BAADM1\SoRo-Laser2 Printer is a printer [2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:set_printer_hnd_name(447) Setting printer name=\\BAADM1\SoRo-Laser2 (len=20) searching for [SoRo-Laser2] set_printer_hnd_name: Printer found: SoRo-Laser2 -> SoRo-Laser2 [2006/07/17 11:01:29, 5] rpc_server/srv_spoolss_nt.c:open_printer_hnd(599) 10 printer handles active [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:get_printer_snum(391) short name:SoRo-Laser2 [2006/07/17 11:01:29, 10] smbd/share_access.c:user_ok_token(225) user_ok_token: share SoRo-Laser2 is ok for unix user root [2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1681) Setting printer access = PRINTER_ACCESS_USE [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_r_open_printer_ex [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status code: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called spoolss successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 144 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 174 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7443 name: spoolss len: 4280 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00003967 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=35905 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 67 39 00 ........ .0...g9. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0C 01 00 ........ ........ [020] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... [030] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 250 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xfa [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3141 of length 254 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=250 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=35970 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 166 (0xA6) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 3172 (0xC64) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 166 (0xA6) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29764 (0x7444) smb_bcc=183 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 43 05 00 00 03 10 00 00 00 A6 00 00 00 68 39 00 C....... .¦...h9. [020] 00 8E 00 00 00 00 00 45 00 80 A8 42 01 09 00 00 .......E ..¨B.... [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [040] 00 41 00 44 00 4D 00 31 00 00 00 00 00 00 00 00 .A.D.M.1 ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [060] 00 01 00 00 00 A0 F7 CA 03 1C 00 00 00 20 82 41 ..... ÷Ê ..... .A [070] 01 8C F5 CA 03 93 08 00 00 03 00 00 00 00 00 00 ..õÊ.... ........ [080] 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 ........ ........ [090] 00 5C 00 5C 00 42 00 41 00 54 00 53 00 32 00 00 .\.\.B.A .T.S.2.. [0A0] 00 05 00 00 00 00 00 00 00 05 00 00 00 67 00 65 ........ .....g.e [0B0] 00 68 00 72 00 00 00 .h.r... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=166 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7444 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=5) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "spoolss" (pnum 7444) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x80446a58 max_trans_reply: 3172 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7444 name: spoolss open: Yes len: 166 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 166 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 166 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 166, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 150 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 150 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 00a6 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00003968 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 150 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 150, incoming data = 150 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000008e [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0045 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\spoolss [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[1].fn == 0x8011f241 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_q_open_printer_ex [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 0142a880 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 printername [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.B.A.A.D.M.1... [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 spoolss_io_printer_default [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 datatype_ptr: 00000000 [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_unistr2 - NULL datatype [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000028 spoolss_io_devmode_cont [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 size: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c devmode_ptr: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 access_required: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 user_switch: 00000001 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000038 spool_io_user_level [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 level: 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c ptr: 03caf7a0 [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000040 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 size: 0000001c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 ptr: 01418220 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 ptr: 03caf58c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c build: 00000893 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 major: 00000003 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 minor: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 processor: 00000000 [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_unistr2 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c uni_max_len: 00000008 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 uni_str_len: 00000008 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0068 buffer : \.\.B.A.T.S.2... [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 000078 smb_io_unistr2 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 uni_max_len: 00000005 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0080 uni_str_len: 00000005 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0084 buffer : g.e.h.r... checking name: \\BAADM1 [2006/07/17 11:01:29, 10] rpc_server/srv_spoolss_nt.c:open_printer_hnd(564) open_printer_hnd: name [\\BAADM1] [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[11] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(408) Setting printer type=\\BAADM1 Printer is a print server [2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:set_printer_hnd_name(447) Setting printer name=\\BAADM1 (len=8) [2006/07/17 11:01:29, 5] rpc_server/srv_spoolss_nt.c:open_printer_hnd(599) 11 printer handles active [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1621) Setting print server access = SERVER_ACCESS_ENUMERATE [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_r_open_printer_ex [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010d [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status code: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called spoolss successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 120 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 150 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7444 name: spoolss len: 3172 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00003968 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=35970 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 68 39 00 ........ .0...h9. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 01 00 ........ ........ [020] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... [030] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 1308 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x51c [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3142 of length 1312 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=1308 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=36033 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1224 (0x4C8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 1224 (0x4C8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29763 (0x7443) smb_bcc=1241 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 C8 04 00 00 69 39 00 ........ .È...i9. [020] 00 B0 04 00 00 00 00 08 00 00 00 00 00 0C 01 00 .°...... ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... [040] 00 DC FA 77 02 8C 04 00 00 00 00 00 00 00 00 00 .Üúw.... ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=1224 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7443 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=5) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "spoolss" (pnum 7443) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8049c548 max_trans_reply: 4280 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7443 name: spoolss open: Yes len: 1224 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 1224 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 1224 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 1224, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 1208 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 1208 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 04c8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00003969 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 1208 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 1208, incoming data = 1208 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 000004b0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0008 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\spoolss [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[9].fn == 0x801201e0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_q_getprinter [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 level: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 0277fadc [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c prs_rpcbuffer [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c size: 0000048c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 04ac offered: 0000048c [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:get_printer_snum(391) short name:SoRo-Laser2 [2006/07/17 11:01:29, 10] printing/nt_printing.c:get_a_printer(4337) get_a_printer: [SoRo-Laser2] level 2 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_devicemode(2656) Unpacked devicemode [\\baadm1\SoRo-Laser2](A4) [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_devicemode(2658) with a private section of 1230 bytes [2006/07/17 11:01:29, 10] printing/nt_printing.c:add_new_printer_key(2695) add_new_printer_key: Inserted new data key [PrinterDriverData] [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:TrayFormSize], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:TrayFormTable], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:FreeMem], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:JobTimeOut], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:Protocol], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PrinterDataSize], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PrinterData], len: 560 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:FeatureKeywordSize], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:FeatureKeyword], len: 67 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:XKEY_UI_MODE], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyAcctSetup], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyAcctSaveCode], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyAcctHideUID], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyAcctHideAID], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyAcctUsage], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyDefaultUserId], len: 66 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyDefaultAcctId], len: 66 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyDeviceID], len: 146 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeySNMPNameEdit], len: 66 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyExtBidiEnable], len: 4 [2006/07/17 11:01:29, 10] printing/nt_printing.c:add_new_printer_key(2695) add_new_printer_key: Inserted new data key [DsSpooler] [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [DsSpooler:description], len: 22 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [DsSpooler:serverName], len: 14 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [DsSpooler:shortServerName], len: 14 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [DsSpooler:uNCName], len: 42 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc_buf nt_printing_getsec [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 max_len: 000000ac [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr : 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 len : 000000ac [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 00000c sec_io_desc sec [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c revision : 0001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000e type : 8004 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 off_owner_sid: 0000008c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 off_grp_sid : 0000009c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 off_sacl : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c off_dacl : 00000014 [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_dom_sid owner_sid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0098 sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0099 num_auths : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009a id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009b id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009c id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009d id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009e id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009f id_auth[5] : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 00a0 sub_auths : 00000020 00000220 [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 0000a8 smb_io_dom_sid grp_sid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00a8 sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00a9 num_auths : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00aa id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00ab id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00ac id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00ad id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00ae id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00af id_auth[5] : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 00b0 sub_auths : 00000020 00000220 [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 000020 sec_io_acl dacl [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0020 revision: 0002 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0022 size : 0078 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 num_aces : 00000004 [2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) 000028 sec_io_ace ace_list[00]: [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0029 flags: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a size : 0024 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 00002c sec_io_access info [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c mask: 000f000c [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_dom_sid trustee [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0030 sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0031 num_auths : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0032 id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0033 id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0034 id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0035 id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0036 id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0037 id_auth[5] : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0038 sub_auths : 00000015 438997bc d8e96dfd 7e250c72 000001f4 [2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) 00004c sec_io_ace ace_list[01]: [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004c type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004d flags: 09 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004e size : 0024 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000050 sec_io_access info [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 mask: 000f0030 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000054 smb_io_dom_sid trustee [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0054 sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0055 num_auths : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0056 id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0057 id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0058 id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0059 id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 005a id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 005b id_auth[5] : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 005c sub_auths : 00000015 438997bc d8e96dfd 7e250c72 000001f4 [2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) 000070 sec_io_ace ace_list[02]: [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0070 type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0071 flags: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 size : 0014 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000074 sec_io_access info [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 mask: 000f000c [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000078 smb_io_dom_sid trustee [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0078 sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0079 num_auths : 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007a id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007b id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007c id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007d id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007e id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007f id_auth[5] : 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0080 sub_auths : 00000000 [2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) 000084 sec_io_ace ace_list[03]: [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0084 type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0085 flags: 09 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0086 size : 0014 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000088 sec_io_access info [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 mask: 000f0030 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 00008c smb_io_dom_sid trustee [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 008c sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 008d num_auths : 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 008e id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 008f id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0090 id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0091 id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0092 id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0093 id_auth[5] : 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0094 sub_auths : 00000000 [2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5241) secdesc_ctr for SoRo-Laser2 has 4 aces: [2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) S-1-5-21-1133090748-3639176701-2116357234-500 0 0 0x000f000c [2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) S-1-5-21-1133090748-3639176701-2116357234-500 0 9 0x000f0030 [2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) S-1-1-0 0 0 0x000f000c [2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) S-1-1-0 0 9 0x000f0030 [2006/07/17 11:01:29, 9] printing/nt_printing.c:get_a_printer_2(3810) Unpacked printer [SoRo-Laser2] name [\\BAADM1\SoRo-Laser2] running driver [Xerox Document Centre 535 PS] [2006/07/17 11:01:29, 4] printing/printing.c:print_cache_expired(1080) print_cache_expired: cache expired for queue SoRo-Laser2 (last_qscan_time = 1153126723, time now = 1153126889, qcachetime = 30) [2006/07/17 11:01:29, 4] printing/printing.c:print_cache_expired(1096) print_cache_expired: message already pending for SoRo-Laser2. Accepting cache [2006/07/17 11:01:29, 10] printing/nt_printing.c:get_c_setprinter(729) get_c_setprinter: c_setprinter = 30 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_printer_info_0 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000462 smb_io_unistr printername [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_unistr(1224) 0462 unistr: \.\.B.A.A.D.M.1.\.S.o.R.o.-.L.a.s.e.r.2... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 offset: 00000462 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000450 smb_io_unistr servername [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_unistr(1224) 0450 unistr: \.\.B.A.A.D.M.1... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 offset: 00000450 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 cjobs: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c total_jobs: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 total_bytes: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 year: 07d6 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 month: 0005 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 dayofweek: 0004 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001a day: 0012 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c hour: 000d [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e minute: 000f [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0020 second: 0019 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0022 milliseconds: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 global_counter: 0000001a [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 total_pages: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c major_version: 0005 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e build_version: 0893 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 unknown7: 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 unknown8: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 unknown9: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c session_counter: 0000001a [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 unknown11: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 printer_errors: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 unknown13: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c unknown14: 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 unknown15: 0000024a [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 unknown16: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 change_id: 0025c19e [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c unknown18: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 status: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 unknown20: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0068 c_setprinter: 0000001e [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006c unknown22: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006e unknown23: 0006 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0070 unknown24: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 unknown25: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0074 unknown26: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0076 unknown27: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0078 unknown28: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 007a unknown29: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_r_getprinter [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: f000baaa [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 prs_rpcbuffer [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 size: 0000048c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0494 needed: 000000b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0498 status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called spoolss successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 112 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 1208 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7443 name: spoolss len: 4280 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 1180. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 04b4 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00003969 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000049c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..1204] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=1260 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=36033 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1204 (0x4B4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1204 (0x4B4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1205 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 B4 04 00 00 69 39 00 ........ .´...i9. [010] 00 9C 04 00 00 00 00 00 00 AA BA 00 F0 8C 04 00 ........ .ªº.ð... [020] 00 62 04 00 00 50 04 00 00 00 00 00 00 00 00 00 .b...P.. ........ [030] 00 00 00 00 00 D6 07 05 00 04 00 12 00 0D 00 0F .....Ö.. ........ [040] 00 19 00 00 00 1A 00 00 00 00 00 00 00 05 00 93 ........ ........ [050] 08 01 00 00 00 00 00 00 00 00 00 00 00 1A 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [070] 00 4A 02 00 00 00 00 00 00 9E C1 25 00 00 00 00 .J...... ..Á%.... [080] 00 00 00 00 00 00 00 00 00 1E 00 00 00 00 00 06 ........ ........ [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 176 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xb0 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3143 of length 180 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=176 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=36098 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 3172 (0xC64) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29764 (0x7444) smb_bcc=109 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 5C 00 00 00 6A 39 00 ........ .\...j9. [020] 00 44 00 00 00 00 00 1A 00 00 00 00 00 0D 01 00 .D...... ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 0F 00 00 .....éQ» Dä...... [040] 00 00 00 00 00 0F 00 00 00 57 00 33 00 53 00 76 ........ .W.3.S.v [050] 00 63 00 49 00 6E 00 73 00 74 00 61 00 6C 00 6C .c.I.n.s .t.a.l.l [060] 00 65 00 64 00 00 00 00 00 04 00 00 00 .e.d.... ..... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=92 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7444 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=5) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "spoolss" (pnum 7444) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x80446a58 max_trans_reply: 3172 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7444 name: spoolss open: Yes len: 92 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 92 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 76 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 005c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000396a [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 76 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000044 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 001a [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\spoolss [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[2].fn == 0x8011f3d4 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_q_getprinterdata [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010d [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 valuename [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 uni_max_len: 0000000f [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_str_len: 0000000f [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0020 buffer : W.3.S.v.c.I.n.s.t.a.l.l.e.d... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 size: 00000004 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:_spoolss_getprinterdata(2441) _spoolss_getprinterdata [2006/07/17 11:01:29, 8] rpc_server/srv_spoolss_nt.c:getprinterdata_printer_server(2249) getprinterdata_printer_server:W3SvcInstalled [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_r_getprinterdata [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 type: 00000004 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 size: 00000004 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0008 data: 38 00 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c needed: 00000004 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0010 status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called spoolss successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 34 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 76 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7444 name: spoolss len: 3172 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 20. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000396a [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000014 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..44] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=100 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=36098 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 44 (0x2C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 6A 39 00 ........ .,...j9. [010] 00 14 00 00 00 00 00 00 00 04 00 00 00 04 00 00 ........ ........ [020] 00 38 00 00 00 04 00 00 00 00 00 00 00 .8...... ..... [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 1308 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x51c [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3144 of length 1312 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=1308 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=36161 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1224 (0x4C8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 1224 (0x4C8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29763 (0x7443) smb_bcc=1241 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 C8 04 00 00 6B 39 00 ........ .È...k9. [020] 00 B0 04 00 00 00 00 08 00 00 00 00 00 0C 01 00 .°...... ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... [040] 00 00 FB 77 02 8C 04 00 00 00 00 00 00 00 00 00 ..ûw.... ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=1224 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7443 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=5) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "spoolss" (pnum 7443) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8049c548 max_trans_reply: 4280 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7443 name: spoolss open: Yes len: 1224 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 1224 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 1224 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 1224, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 1208 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 1208 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 04c8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000396b [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 1208 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 1208, incoming data = 1208 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 000004b0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0008 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\spoolss [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[9].fn == 0x801201e0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_q_getprinter [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 level: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 0277fb00 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c prs_rpcbuffer [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c size: 0000048c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 04ac offered: 0000048c [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[1] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:get_printer_snum(391) short name:SoRo-Laser2 [2006/07/17 11:01:29, 10] printing/nt_printing.c:get_a_printer(4337) get_a_printer: [SoRo-Laser2] level 2 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_devicemode(2656) Unpacked devicemode [\\baadm1\SoRo-Laser2](A4) [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_devicemode(2658) with a private section of 1230 bytes [2006/07/17 11:01:29, 10] printing/nt_printing.c:add_new_printer_key(2695) add_new_printer_key: Inserted new data key [PrinterDriverData] [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:TrayFormSize], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:TrayFormTable], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:FreeMem], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:JobTimeOut], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:Protocol], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PrinterDataSize], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PrinterData], len: 560 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:FeatureKeywordSize], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:FeatureKeyword], len: 67 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:XKEY_UI_MODE], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyAcctSetup], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyAcctSaveCode], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyAcctHideUID], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyAcctHideAID], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyAcctUsage], len: 4 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyDefaultUserId], len: 66 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyDefaultAcctId], len: 66 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyDeviceID], len: 146 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeySNMPNameEdit], len: 66 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [PrinterDriverData:PKeyExtBidiEnable], len: 4 [2006/07/17 11:01:29, 10] printing/nt_printing.c:add_new_printer_key(2695) add_new_printer_key: Inserted new data key [DsSpooler] [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [DsSpooler:description], len: 22 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [DsSpooler:serverName], len: 14 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [DsSpooler:shortServerName], len: 14 [2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) specific: [DsSpooler:uNCName], len: 42 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc_buf nt_printing_getsec [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 max_len: 000000ac [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr : 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 len : 000000ac [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 00000c sec_io_desc sec [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c revision : 0001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000e type : 8004 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 off_owner_sid: 0000008c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 off_grp_sid : 0000009c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 off_sacl : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c off_dacl : 00000014 [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_dom_sid owner_sid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0098 sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0099 num_auths : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009a id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009b id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009c id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009d id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009e id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009f id_auth[5] : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 00a0 sub_auths : 00000020 00000220 [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 0000a8 smb_io_dom_sid grp_sid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00a8 sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00a9 num_auths : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00aa id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00ab id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00ac id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00ad id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00ae id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00af id_auth[5] : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 00b0 sub_auths : 00000020 00000220 [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 000020 sec_io_acl dacl [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0020 revision: 0002 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0022 size : 0078 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 num_aces : 00000004 [2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) 000028 sec_io_ace ace_list[00]: [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0029 flags: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a size : 0024 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 00002c sec_io_access info [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c mask: 000f000c [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_dom_sid trustee [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0030 sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0031 num_auths : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0032 id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0033 id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0034 id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0035 id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0036 id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0037 id_auth[5] : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0038 sub_auths : 00000015 438997bc d8e96dfd 7e250c72 000001f4 [2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) 00004c sec_io_ace ace_list[01]: [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004c type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004d flags: 09 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004e size : 0024 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000050 sec_io_access info [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 mask: 000f0030 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000054 smb_io_dom_sid trustee [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0054 sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0055 num_auths : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0056 id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0057 id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0058 id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0059 id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 005a id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 005b id_auth[5] : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 005c sub_auths : 00000015 438997bc d8e96dfd 7e250c72 000001f4 [2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) 000070 sec_io_ace ace_list[02]: [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0070 type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0071 flags: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 size : 0014 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000074 sec_io_access info [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 mask: 000f000c [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000078 smb_io_dom_sid trustee [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0078 sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0079 num_auths : 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007a id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007b id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007c id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007d id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007e id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 007f id_auth[5] : 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0080 sub_auths : 00000000 [2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) 000084 sec_io_ace ace_list[03]: [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0084 type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0085 flags: 09 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0086 size : 0014 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 000088 sec_io_access info [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 mask: 000f0030 [2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) 00008c smb_io_dom_sid trustee [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 008c sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 008d num_auths : 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 008e id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 008f id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0090 id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0091 id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0092 id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0093 id_auth[5] : 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0094 sub_auths : 00000000 [2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5241) secdesc_ctr for SoRo-Laser2 has 4 aces: [2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) S-1-5-21-1133090748-3639176701-2116357234-500 0 0 0x000f000c [2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) S-1-5-21-1133090748-3639176701-2116357234-500 0 9 0x000f0030 [2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) S-1-1-0 0 0 0x000f000c [2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) S-1-1-0 0 9 0x000f0030 [2006/07/17 11:01:29, 9] printing/nt_printing.c:get_a_printer_2(3810) Unpacked printer [SoRo-Laser2] name [\\BAADM1\SoRo-Laser2] running driver [Xerox Document Centre 535 PS] [2006/07/17 11:01:29, 4] printing/printing.c:print_cache_expired(1080) print_cache_expired: cache expired for queue SoRo-Laser2 (last_qscan_time = 1153126723, time now = 1153126889, qcachetime = 30) [2006/07/17 11:01:29, 4] printing/printing.c:print_cache_expired(1096) print_cache_expired: message already pending for SoRo-Laser2. Accepting cache [2006/07/17 11:01:29, 10] printing/nt_printing.c:get_c_setprinter(729) get_c_setprinter: c_setprinter = 30 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_printer_info_0 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000462 smb_io_unistr printername [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_unistr(1224) 0462 unistr: \.\.B.A.A.D.M.1.\.S.o.R.o.-.L.a.s.e.r.2... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 offset: 00000462 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000450 smb_io_unistr servername [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_unistr(1224) 0450 unistr: \.\.B.A.A.D.M.1... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 offset: 00000450 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 cjobs: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c total_jobs: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 total_bytes: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 year: 07d6 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 month: 0005 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 dayofweek: 0004 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001a day: 0012 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c hour: 000d [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e minute: 000f [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0020 second: 0019 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0022 milliseconds: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 global_counter: 0000001b [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 total_pages: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c major_version: 0005 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e build_version: 0893 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 unknown7: 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 unknown8: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 unknown9: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c session_counter: 0000001b [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 unknown11: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 printer_errors: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 unknown13: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c unknown14: 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 unknown15: 0000024a [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 unknown16: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 change_id: 0025c19e [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c unknown18: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 status: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 unknown20: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0068 c_setprinter: 0000001e [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006c unknown22: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006e unknown23: 0006 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0070 unknown24: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 unknown25: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0074 unknown26: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0076 unknown27: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0078 unknown28: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 007a unknown29: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_r_getprinter [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: f000baaa [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 prs_rpcbuffer [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 size: 0000048c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0494 needed: 000000b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0498 status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called spoolss successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 112 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 1208 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7443 name: spoolss len: 4280 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 1180. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 04b4 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000396b [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000049c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..1204] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=1260 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=36161 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1204 (0x4B4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1204 (0x4B4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1205 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 B4 04 00 00 6B 39 00 ........ .´...k9. [010] 00 9C 04 00 00 00 00 00 00 AA BA 00 F0 8C 04 00 ........ .ªº.ð... [020] 00 62 04 00 00 50 04 00 00 00 00 00 00 00 00 00 .b...P.. ........ [030] 00 00 00 00 00 D6 07 05 00 04 00 12 00 0D 00 0F .....Ö.. ........ [040] 00 19 00 00 00 1B 00 00 00 00 00 00 00 05 00 93 ........ ........ [050] 08 01 00 00 00 00 00 00 00 00 00 00 00 1B 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [070] 00 4A 02 00 00 00 00 00 00 9E C1 25 00 00 00 00 .J...... ..Á%.... [080] 00 00 00 00 00 00 00 00 00 1E 00 00 00 00 00 06 ........ ........ [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3145 of length 132 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=36226 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 3172 (0xC64) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29764 (0x7444) smb_bcc=61 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 43 05 00 00 03 10 00 00 00 2C 00 00 00 6C 39 00 C....... .,...l9. [020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 0D 01 00 ........ ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 .....éQ» Dä... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7444 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=5) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "spoolss" (pnum 7444) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x80446a58 max_trans_reply: 3172 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7444 name: spoolss open: Yes len: 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000396c [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 001d [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\spoolss [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[3].fn == 0x8011f6e7 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_q_closeprinter [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010d [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_r_closeprinter [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called spoolss successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7444 name: spoolss len: 3172 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000396c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=36226 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 6C 39 00 ........ .0...l9. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3146 of length 132 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=36290 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29763 (0x7443) smb_bcc=61 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 6D 39 00 ........ .,...m9. [020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 0C 01 00 ........ ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 .....éQ» Dä... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7443 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=5) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "spoolss" (pnum 7443) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8049c548 max_trans_reply: 4280 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7443 name: spoolss open: Yes len: 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000396d [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 001d [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\spoolss [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[3].fn == 0x8011f6e7 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_q_closeprinter [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_r_closeprinter [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called spoolss successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7443 name: spoolss len: 4280 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000396d [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=556 smb_uid=101 smb_mid=36290 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 6D 39 00 ........ .0...m9. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3147 of length 104 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36354 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] F8 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 ø\.l.s.a .r.p.c.. [010] 00 . [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/07/17 11:01:29, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2006/07/17 11:01:29, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=746a [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7463 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7462 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7444 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7443 [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=5) [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 7476 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7476 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=746a [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7463 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7462 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7444 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7443 [2006/07/17 11:01:29, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36354 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=30208 (0x7600) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 156 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x9c [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3148 of length 160 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36418 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29814 (0x7476) smb_bcc=89 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9.±Ð ..¨.ÀOÙ. [040] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 õ.....]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=72 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7476 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7476 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7476) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7476 name: lsarpc open: Yes len: 72 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 3919286a [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : b10c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 11d0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 9b a8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 00 c0 4f d9 2e f5 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000000 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7476 name: lsarpc len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36418 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 110 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x6e [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3149 of length 114 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=110 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36482 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29814 (0x7476) smb_bcc=43 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 1A 00 00 00 01 00 00 ........ ........ [020] 00 02 00 00 00 00 00 00 00 01 00 ........ ... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=26 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7476 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7476 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7476) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7476 name: lsarpc open: Yes len: 26 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 26 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 10 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 001a [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 10 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000002 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x0 - unknown [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 23 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0020 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(793) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c reserved: 00000000 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 10 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7476 name: lsarpc len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36482 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 01 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3150 of length 45 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=36546 smt_wct=3 smb_vwv[ 0]=29814 (0x7476) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7476 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7476 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7476 [2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=7476 (pipes_open=5) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=36546 smt_wct=0 smb_bcc=0 [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3151 of length 104 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36610 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/07/17 11:01:29, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \winreg. [2006/07/17 11:01:29, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe winreg opening. [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested winreg (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=746a [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7463 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7462 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7444 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7443 [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested winreg [2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe winreg [2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe winreg [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe winreg (pipes_open=5) [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe winreg with handle 7477 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name winreg pnum=7477 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=746a [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7463 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7462 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7444 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7443 [2006/07/17 11:01:29, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \winreg [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36610 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=30464 (0x7700) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 156 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x9c [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3152 of length 160 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36674 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29815 (0x7477) smb_bcc=89 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ..Ð.3D"ñ 1ªª..8.. [040] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=72 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7477 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7477 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7477) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7477 name: winreg open: Yes len: 72 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 338cd001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 2244 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 31f1 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : aa aa [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 90 00 38 00 10 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\winreg [2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\wkssvc [2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\winreg [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\winreg. [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7477 name: winreg len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36674 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 \winreg. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 120 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x78 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3153 of length 124 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36738 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29815 (0x7477) smb_bcc=53 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 84 F4 22 04 88 01 00 ........ ..ô".... [030] 00 00 00 00 02 ..... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=36 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7477 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7477 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7477) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7477 name: winreg open: Yes len: 36 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 36 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000000c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0002 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[3].fn == 0x80102d73 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_hive [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 0422f484 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 server: 0188 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 access: 02000000 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1 [2006/07/17 11:01:29, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_open(265) regdb_open: refcount reset (1) [2006/07/17 11:01:29, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM] [2006/07/17 11:01:29, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM] [2006/07/17 11:01:29, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM] [2006/07/17 11:01:29, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/07/17 11:01:29, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/07/17 11:01:29, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-22-1-0. [2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(250) [2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-22-2-0 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 0E 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_hive [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010e [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 510 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 20 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7477 name: winreg len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36738 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0E 01 00 ........ ........ [020] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... [030] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 252 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xfc [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3154 of length 256 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=252 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36802 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 168 (0xA8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29815 (0x7477) smb_bcc=185 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 A8 00 00 00 02 00 00 ........ .¨...... [020] 00 90 00 00 00 00 00 0F 00 00 00 00 00 0E 01 00 ........ ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 60 00 60 .....éQ» Dä...`.` [040] 00 98 14 0F 75 30 00 00 00 00 00 00 00 30 00 00 ....u0.. .....0.. [050] 00 73 00 79 00 73 00 74 00 65 00 6D 00 5C 00 63 .s.y.s.t .e.m.\.c [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 63 00 6F .u.r.r.e .n.t.c.o [070] 00 6E 00 74 00 72 00 6F 00 6C 00 73 00 65 00 74 .n.t.r.o .l.s.e.t [080] 00 5C 00 63 00 6F 00 6E 00 74 00 72 00 6F 00 6C .\.c.o.n .t.r.o.l [090] 00 5C 00 70 00 72 00 6F 00 64 00 75 00 63 00 74 .\.p.r.o .d.u.c.t [0A0] 00 6F 00 70 00 74 00 69 00 6F 00 6E 00 73 00 00 .o.p.t.i .o.n.s.. [0B0] 00 00 00 00 00 19 00 02 00 ........ . [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=168 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7477 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7477 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7477) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7477 name: winreg open: Yes len: 168 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 168 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 152 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 00a8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 152 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 152, incoming data = 152 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000090 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 000f [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[1].fn == 0x80102fe6 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_entry [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010e [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 0060 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 0060 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 750f1498 [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : s.y.s.t.e.m.\.c.u.r.r.e.n.t.c.o.n.t.r.o.l.s.e.t.\.c.o.n.t.r.o.l.\.p.r.o.d.u.c.t.o.p.t.i.o.n.s... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 unknown_0 : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c access: 00020019 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0E 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (1) [2006/07/17 11:01:29, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\system\currentcontrolset\control\productoptions] [2006/07/17 11:01:29, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/system/currentcontrolset/control/productoptions] [2006/07/17 11:01:29, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/system/currentcontrolset/control/productoptions] [2006/07/17 11:01:29, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/07/17 11:01:29, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/07/17 11:01:29, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00020019, for NT token with 6 entries and first sid S-1-22-1-0. [2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(250) [2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-22-2-0 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019 [2006/07/17 11:01:29, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (20019) granted. [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 0F 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_entry [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd handle [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010f [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 620 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 152 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7477 name: winreg len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36802 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0F 01 00 ........ ........ [020] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... [030] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 200 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xc8 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3155 of length 204 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=200 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36866 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 116 (0x74) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29815 (0x7477) smb_bcc=133 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 74 00 00 00 03 00 00 ........ .t...... [020] 00 5C 00 00 00 00 00 11 00 00 00 00 00 0F 01 00 .\...... ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 18 00 18 .....éQ» Dä...... [040] 00 80 14 0F 75 0C 00 00 00 00 00 00 00 0C 00 00 ....u... ........ [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T [060] 00 79 00 70 00 65 00 00 00 B0 F4 22 04 00 00 00 .y.p.e.. .°ô".... [070] 00 00 00 00 00 A8 F4 22 04 00 00 00 00 A0 F4 22 .....¨ô" ..... ô" [080] 04 00 00 00 00 ..... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=116 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7477 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7477 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7477) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7477 name: winreg open: Yes len: 116 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 116 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 116 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 100 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 100 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0074 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 100 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 100, incoming data = 100 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000005c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0011 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[10].fn == 0x801030bd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010f [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 0018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 0018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 750f1480 [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 0000000c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 0000000c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 ptr_reserved: 0422f4b0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 ptr_buf: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 unk1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c ptr_buflen: 0422f4a8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 buflen: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 ptr_buflen2: 0422f4a0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 buflen2: 00000000 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0F 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) _reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] [2006/07/17 11:01:29, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) _reg_info: policy key type = [00000000] [2006/07/17 11:01:29, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [ProductType] [2006/07/17 11:01:29, 8] registry/reg_frontend.c:fetch_reg_values_specific(298) fetch_reg_values_specific: Updating cache of values for [HKLM\system\currentcontrolset\control\productoptions] [2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_fetch_values(563) regdb_fetch_values: Looking for value of key [HKLM\system\currentcontrolset\control\productoptions] [2006/07/17 11:01:29, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) _reg_info: Testing value [ProductType] [2006/07/17 11:01:29, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) _reg_info: Found match for value [ProductType] [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: f000baaa [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type: 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 ptr: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr: f000baaa [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 buf_max_len: 00000012 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ptr: f000baaa [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 buf_len: 00000012 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 001c status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 70 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 100 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7477 name: winreg len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0038 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000020 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..56] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36866 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 AA BA 00 F0 01 00 00 . ...... .ªº.ð... [020] 00 00 00 00 00 AA BA 00 F0 12 00 00 00 AA BA 00 .....ªº. ð....ªº. [030] F0 12 00 00 00 00 00 00 00 ð....... . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 212 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xd4 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3156 of length 216 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36930 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29815 (0x7477) smb_bcc=145 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 80 00 00 00 04 00 00 ........ ........ [020] 00 68 00 00 00 00 00 11 00 00 00 00 00 0F 01 00 .h...... ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 18 00 18 .....éQ» Dä...... [040] 00 80 14 0F 75 0C 00 00 00 00 00 00 00 0C 00 00 ....u... ........ [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T [060] 00 79 00 70 00 65 00 00 00 B0 F4 22 04 90 DB 0D .y.p.e.. .°ô"..Û. [070] 00 90 DB 0D 00 12 00 00 00 00 00 00 00 00 00 00 ..Û..... ........ [080] 00 A8 F4 22 04 12 00 00 00 A0 F4 22 04 00 00 00 .¨ô".... . ô".... [090] 00 . [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=128 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7477 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7477 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7477) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7477 name: winreg open: Yes len: 128 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 128 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 112 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0080 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 112 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 112, incoming data = 112 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000068 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0011 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[10].fn == 0x801030bd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010f [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 0018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 0018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 750f1480 [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 0000000c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 0000000c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 ptr_reserved: 0422f4b0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 ptr_buf: 000ddb90 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 ptr_bufsize: 000ddb90 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c bufsize: 00000012 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 buf_unk: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 unk1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 ptr_buflen: 0422f4a8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buflen: 00000012 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 ptr_buflen2: 0422f4a0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buflen2: 00000000 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0F 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) _reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] [2006/07/17 11:01:29, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) _reg_info: policy key type = [00000000] [2006/07/17 11:01:29, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [ProductType] [2006/07/17 11:01:29, 8] registry/reg_frontend.c:fetch_reg_values_specific(298) fetch_reg_values_specific: Updating cache of values for [HKLM\system\currentcontrolset\control\productoptions] [2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_fetch_values(563) regdb_fetch_values: Looking for value of key [HKLM\system\currentcontrolset\control\productoptions] [2006/07/17 11:01:29, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) _reg_info: Testing value [ProductType] [2006/07/17 11:01:29, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) _reg_info: Found match for value [ProductType] [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: f000baaa [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type: 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 ptr: f000baaa [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_regval_buffer value [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buf_max_len: 00000012 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 buf_len : 00000012 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0018 buffer : L.a.n.m.a.n.N.T... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c ptr: f000baaa [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 buf_max_len: 00000012 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 ptr: f000baaa [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 buf_len: 00000012 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 003c status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 86 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 112 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7477 name: winreg len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 64. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000040 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..88] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36930 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 58 00 00 00 04 00 00 ........ .X...... [010] 00 40 00 00 00 00 00 00 00 AA BA 00 F0 01 00 00 .@...... .ªº.ð... [020] 00 AA BA 00 F0 12 00 00 00 00 00 00 00 12 00 00 .ªº.ð... ........ [030] 00 4C 00 61 00 6E 00 6D 00 61 00 6E 00 4E 00 54 .L.a.n.m .a.n.N.T [040] 00 00 00 00 00 AA BA 00 F0 12 00 00 00 AA BA 00 .....ªº. ð....ªº. [050] F0 12 00 00 00 00 00 00 00 ð....... . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3157 of length 132 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36994 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29815 (0x7477) smb_bcc=61 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 0F 01 00 ........ ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 .....éQ» Dä... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7477 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7477 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7477) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7477 name: winreg open: Yes len: 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x80102c9c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010f [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0F 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0F 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (1) [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7477 name: winreg len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=36994 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3158 of length 132 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37058 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29815 (0x7477) smb_bcc=61 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 0E 01 00 ........ ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 .....éQ» Dä... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7477 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7477 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7477) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7477 name: winreg open: Yes len: 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000006 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x80102c9c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 0000010e [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0E 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0E 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (0) [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7477 name: winreg len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000006 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37058 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3159 of length 45 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=37122 smt_wct=3 smb_vwv[ 0]=29815 (0x7477) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7477 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7477 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7477 [2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe winreg [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name winreg pnum=7477 (pipes_open=5) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=37122 smt_wct=0 smb_bcc=0 [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3160 of length 104 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37186 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/07/17 11:01:29, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2006/07/17 11:01:29, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=5) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=746a [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7463 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7462 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7444 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name spoolss pnum=7443 [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=5) [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 7478 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7478 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=746a [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7463 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7462 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7444 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=7443 [2006/07/17 11:01:29, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37186 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=30720 (0x7800) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 156 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x9c [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3161 of length 160 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37250 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29816 (0x7478) smb_bcc=89 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ [030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.Í «ï..#Eg. [040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 «.....]. .ë.É..è. [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=72 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7478 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7478 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7478) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7478 name: lsarpc open: Yes len: 72 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345778 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 89 ab [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000000 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7478 name: lsarpc len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37250 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 168 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xa8 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3162 of length 172 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37314 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 84 (0x54) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 84 (0x54) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29816 (0x7478) smb_bcc=101 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 54 00 00 00 01 00 00 ........ .T...... [020] 00 3C 00 00 00 00 00 2C 00 38 4E 16 00 07 00 00 .<....., .8N..... [030] 00 00 00 00 00 07 00 00 00 42 00 41 00 41 00 44 ........ .B.A.A.D [040] 00 4D 00 31 00 00 00 00 00 18 00 00 00 00 00 00 .M.1.... ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 01 00 00 00 ..... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=84 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7478 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7478 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7478) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7478 name: lsarpc open: Yes len: 84 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 84 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 84 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 84, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 68 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 68 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0054 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 68 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 68, incoming data = 68 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000003c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 002c [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x800fb618 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr : 00164e38 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000007 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000007 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : B.A.A.D.M.1... [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001e lsa_io_obj_attr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 len : 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 ptr_root_dir: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 ptr_obj_name: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c attributes : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 ptr_sec_desc: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 ptr_sec_qos : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 des_access: 00000001 [2006/07/17 11:01:29, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 12 entries and first sid S-1-5-21-1133090748-3639176701-2116357234-3000. [2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(250) [2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1133090748-3639176701-2116357234-3000 se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-513 se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-550 se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-3003 se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-3095 se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-3119 se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-3121 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 1 [2006/07/17 11:01:29, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 10 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000110 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 814 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 68 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7478 name: lsarpc len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37314 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 10 01 00 ........ ........ [020] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... [030] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 130 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x82 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3163 of length 134 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37378 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29816 (0x7478) smb_bcc=63 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 10 01 00 ........ ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 03 00 .....éQ» Dä..... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7478 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7478 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7478) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7478 name: lsarpc open: Yes len: 46 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 46 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002e [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000016 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0007 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[2].fn == 0x800fba15 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000110 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 info_class: 0003 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 10 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 dom_ptr: 22000000 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 info_class: 0003 [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000006 lsa_io_dom_query_3 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 uni_dom_max_len: 0018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a uni_dom_str_len: 001a [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buffer_dom_name: 00000001 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 buffer_dom_sid : 00000001 [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 uni_max_len: 0000000d [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 offset : 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_str_len: 0000000c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0020 buffer : B.A.U.M.A.N.N.-.G.M.B.H. [2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_dom_sid2 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 num_auths: 00000004 [2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) 00003c smb_io_dom_sid sid [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003c sid_rev_num: 01 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003d num_auths : 04 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003e id_auth[0] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003f id_auth[1] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0040 id_auth[2] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0041 id_auth[3] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0042 id_auth[4] : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0043 id_auth[5] : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0044 sub_auths : 00000015 438997bc d8e96dfd 7e250c72 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0054 status: NT_STATUS_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 26 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7478 name: lsarpc len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 88. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0070 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000058 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..112] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37378 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 70 00 00 00 02 00 00 ........ .p...... [010] 00 58 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .X...... ...."... [020] 00 18 00 1A 00 01 00 00 00 01 00 00 00 0D 00 00 ........ ........ [030] 00 00 00 00 00 0C 00 00 00 42 00 41 00 55 00 4D ........ .B.A.U.M [040] 00 41 00 4E 00 4E 00 2D 00 47 00 4D 00 42 00 48 .A.N.N.- .G.M.B.H [050] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [060] 00 BC 97 89 43 FD 6D E9 D8 72 0C 25 7E 00 00 00 .¼..Cýmé Ør.%~... [070] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 130 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x82 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3164 of length 134 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37442 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29816 (0x7478) smb_bcc=63 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 10 01 00 ........ ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 06 00 .....éQ» Dä..... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7478 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7478 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7478) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7478 name: lsarpc open: Yes len: 46 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 46 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002e [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000016 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0007 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[2].fn == 0x800fba15 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000110 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 info_class: 0006 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 10 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 dom_ptr: 22000000 [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 info_class: 0006 [2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) 000006 lsa_io_dom_query_6 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 server_role: 0003 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0008 status: NT_STATUS_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7478 name: lsarpc len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000000c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37442 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 03 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 00 00 00 22 06 00 03 ........ ...."... [020] 00 00 00 00 00 ..... [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3165 of length 132 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37506 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29816 (0x7478) smb_bcc=61 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 10 01 00 ........ ........ [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 .....éQ» Dä... [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7478 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7478 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7478) [2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803f7510 max_trans_reply: 1024 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7478 name: lsarpc open: Yes len: 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[4].fn == 0x800fbf06 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000110 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: e9 51 bb 44 e4 14 00 00 [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 10 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 10 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D [010] E4 14 00 00 ä... [2006/07/17 11:01:29, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7478 name: lsarpc len: 1024 [2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=4860 smb_uid=101 smb_mid=37506 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) Transaction 3166 of length 45 [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=37570 smt_wct=3 smb_vwv[ 0]=29816 (0x7478) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 5348) conn 0x8048e630 [2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 contains 12 SIDs SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 SID[ 11]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 512 and contains 7 supplementary groups Group[ 0]: 512 Group[ 1]: 513 Group[ 2]: 550 Group[ 3]: 1001 Group[ 4]: 1047 Group[ 5]: 1059 Group[ 6]: 1060 [2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,512) [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7478 [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7478 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=746a (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7463 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7462 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7444 (pipes_open=6) [2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=7443 (pipes_open=6) [2006/07/17 11:01:29, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7478 [2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=7478 (pipes_open=5) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) [2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=37570 smt_wct=0 smb_bcc=0 [2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/07/17 11:01:31, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1