The Samba-Bugzilla – Attachment 2043 Details for
Bug 3941
assigning users to printers fails on 3.0.23
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
smbd logfile Level 10
smbd.log (text/plain), 368.02 KB, created by
Rob
on 2006-07-18 02:22:39 UTC
(
hide
)
Description:
smbd logfile Level 10
Filename:
MIME Type:
Creator:
Rob
Created:
2006-07-18 02:22:39 UTC
Size:
368.02 KB
patch
obsolete
> smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:26, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 46 00 00 ........ .0...F.. > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/07/17 11:01:26, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 274 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x112 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3140 of length 278 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=274 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=35905 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 190 (0xBE) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 190 (0xBE) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29763 (0x7443) > smb_bcc=207 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 BE 00 00 00 67 39 00 ........ .¾...g9. > [020] 00 A6 00 00 00 00 00 45 00 28 AD 43 01 15 00 00 .¦.....E .(C.... > [030] 00 00 00 00 00 15 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A > [040] 00 41 00 44 00 4D 00 31 00 5C 00 53 00 6F 00 52 .A.D.M.1 .\.S.o.R > [050] 00 6F 00 2D 00 4C 00 61 00 73 00 65 00 72 00 32 .o.-.L.a .s.e.r.2 > [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [070] 00 08 00 00 00 01 00 00 00 01 00 00 00 08 FF 77 ........ ......ÿw > [080] 02 1C 00 00 00 20 82 41 01 F4 FC 77 02 93 08 00 ..... .A .ôüw.... > [090] 00 03 00 00 00 00 00 00 00 00 00 00 00 08 00 00 ........ ........ > [0A0] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A > [0B0] 00 54 00 53 00 32 00 00 00 05 00 00 00 00 00 00 .T.S.2.. ........ > [0C0] 00 05 00 00 00 67 00 65 00 68 00 72 00 00 00 .....g.e .h.r... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=190 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7443 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=5) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "spoolss" (pnum 7443) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8049c548 max_trans_reply: 4280 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7443 name: spoolss open: Yes len: 190 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 190 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 190 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 190, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 174 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 174 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 00be >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00003967 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 174 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 174, incoming data = 174 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 000000a6 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0045 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\spoolss >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[1].fn == 0x8011f241 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_q_open_printer_ex >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: 0143ad28 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 printername >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 00000015 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 00000015 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.B.A.A.D.M.1.\.S.o.R.o.-.L.a.s.e.r.2... >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00003c spoolss_io_printer_default >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c datatype_ptr: 00000000 >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unistr2 - NULL datatype >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000040 spoolss_io_devmode_cont >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 size: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 devmode_ptr: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 access_required: 00000008 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c user_switch: 00000001 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 spool_io_user_level >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 level: 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 ptr: 0277ff08 >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000058 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 size: 0000001c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c ptr: 01418220 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 ptr: 0277fcf4 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 build: 00000893 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 major: 00000003 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c minor: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 processor: 00000000 >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000074 smb_io_unistr2 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 uni_max_len: 00000008 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c uni_str_len: 00000008 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0080 buffer : \.\.B.A.T.S.2... >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unistr2 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0090 uni_max_len: 00000005 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0098 uni_str_len: 00000005 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 009c buffer : g.e.h.r... > checking name: \\BAADM1\SoRo-Laser2 >[2006/07/17 11:01:29, 10] rpc_server/srv_spoolss_nt.c:open_printer_hnd(564) > open_printer_hnd: name [\\BAADM1\SoRo-Laser2] >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[10] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(408) > Setting printer type=\\BAADM1\SoRo-Laser2 > Printer is a printer >[2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:set_printer_hnd_name(447) > Setting printer name=\\BAADM1\SoRo-Laser2 (len=20) > searching for [SoRo-Laser2] > set_printer_hnd_name: Printer found: SoRo-Laser2 -> SoRo-Laser2 >[2006/07/17 11:01:29, 5] rpc_server/srv_spoolss_nt.c:open_printer_hnd(599) > 10 printer handles active >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:get_printer_snum(391) > short name:SoRo-Laser2 >[2006/07/17 11:01:29, 10] smbd/share_access.c:user_ok_token(225) > user_ok_token: share SoRo-Laser2 is ok for unix user root >[2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1681) > Setting printer access = PRINTER_ACCESS_USE >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_r_open_printer_ex >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd printer handle >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status code: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called spoolss successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 144 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 174 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7443 name: spoolss len: 4280 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00003967 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=35905 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 67 39 00 ........ .0...g9. > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0C 01 00 ........ ........ > [020] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... > [030] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 250 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0xfa >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3141 of length 254 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=250 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=35970 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 166 (0xA6) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 3172 (0xC64) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 166 (0xA6) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29764 (0x7444) > smb_bcc=183 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 43 05 00 00 03 10 00 00 00 A6 00 00 00 68 39 00 C....... .¦...h9. > [020] 00 8E 00 00 00 00 00 45 00 80 A8 42 01 09 00 00 .......E ..¨B.... > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A > [040] 00 41 00 44 00 4D 00 31 00 00 00 00 00 00 00 00 .A.D.M.1 ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [060] 00 01 00 00 00 A0 F7 CA 03 1C 00 00 00 20 82 41 ..... ÷Ê ..... .A > [070] 01 8C F5 CA 03 93 08 00 00 03 00 00 00 00 00 00 ..õÊ.... ........ > [080] 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 ........ ........ > [090] 00 5C 00 5C 00 42 00 41 00 54 00 53 00 32 00 00 .\.\.B.A .T.S.2.. > [0A0] 00 05 00 00 00 00 00 00 00 05 00 00 00 67 00 65 ........ .....g.e > [0B0] 00 68 00 72 00 00 00 .h.r... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=166 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7444 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=5) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "spoolss" (pnum 7444) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x80446a58 max_trans_reply: 3172 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7444 name: spoolss open: Yes len: 166 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 166 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 166 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 166, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 150 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 150 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 00a6 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00003968 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 150 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 150, incoming data = 150 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 0000008e >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0045 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\spoolss >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[1].fn == 0x8011f241 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_q_open_printer_ex >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: 0142a880 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 printername >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 00000009 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 00000009 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.B.A.A.D.M.1... >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 spoolss_io_printer_default >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 datatype_ptr: 00000000 >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_unistr2 - NULL datatype >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000028 spoolss_io_devmode_cont >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 size: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c devmode_ptr: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 access_required: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 user_switch: 00000001 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 spool_io_user_level >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 level: 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c ptr: 03caf7a0 >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000040 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 size: 0000001c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 ptr: 01418220 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 ptr: 03caf58c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c build: 00000893 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 major: 00000003 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 minor: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 processor: 00000000 >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_unistr2 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c uni_max_len: 00000008 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 uni_str_len: 00000008 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0068 buffer : \.\.B.A.T.S.2... >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000078 smb_io_unistr2 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 uni_max_len: 00000005 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 uni_str_len: 00000005 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0084 buffer : g.e.h.r... > checking name: \\BAADM1 >[2006/07/17 11:01:29, 10] rpc_server/srv_spoolss_nt.c:open_printer_hnd(564) > open_printer_hnd: name [\\BAADM1] >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[11] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(408) > Setting printer type=\\BAADM1 > Printer is a print server >[2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:set_printer_hnd_name(447) > Setting printer name=\\BAADM1 (len=8) >[2006/07/17 11:01:29, 5] rpc_server/srv_spoolss_nt.c:open_printer_hnd(599) > 11 printer handles active >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1621) > Setting print server access = SERVER_ACCESS_ENUMERATE >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_r_open_printer_ex >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd printer handle >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010d >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status code: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called spoolss successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 120 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 150 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7444 name: spoolss len: 3172 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00003968 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=35970 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 68 39 00 ........ .0...h9. > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 01 00 ........ ........ > [020] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... > [030] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 1308 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x51c >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3142 of length 1312 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=1308 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=36033 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1224 (0x4C8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 1224 (0x4C8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29763 (0x7443) > smb_bcc=1241 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 C8 04 00 00 69 39 00 ........ .È...i9. > [020] 00 B0 04 00 00 00 00 08 00 00 00 00 00 0C 01 00 .°...... ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... > [040] 00 DC FA 77 02 8C 04 00 00 00 00 00 00 00 00 00 .Üúw.... ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=1224 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7443 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=5) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "spoolss" (pnum 7443) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8049c548 max_trans_reply: 4280 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7443 name: spoolss open: Yes len: 1224 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 1224 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 1224 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 1224, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 1208 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 1208 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 04c8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00003969 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 1208 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 1208, incoming data = 1208 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 000004b0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0008 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\spoolss >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[9].fn == 0x801201e0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_q_getprinter >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd printer handle >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 level: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 ptr: 0277fadc >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001c prs_rpcbuffer >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c size: 0000048c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 04ac offered: 0000048c >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:get_printer_snum(391) > short name:SoRo-Laser2 >[2006/07/17 11:01:29, 10] printing/nt_printing.c:get_a_printer(4337) > get_a_printer: [SoRo-Laser2] level 2 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_devicemode(2656) > Unpacked devicemode [\\baadm1\SoRo-Laser2](A4) >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_devicemode(2658) > with a private section of 1230 bytes >[2006/07/17 11:01:29, 10] printing/nt_printing.c:add_new_printer_key(2695) > add_new_printer_key: Inserted new data key [PrinterDriverData] >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:TrayFormSize], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:TrayFormTable], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:FreeMem], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:JobTimeOut], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:Protocol], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PrinterDataSize], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PrinterData], len: 560 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:FeatureKeywordSize], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:FeatureKeyword], len: 67 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:XKEY_UI_MODE], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyAcctSetup], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyAcctSaveCode], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyAcctHideUID], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyAcctHideAID], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyAcctUsage], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyDefaultUserId], len: 66 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyDefaultAcctId], len: 66 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyDeviceID], len: 146 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeySNMPNameEdit], len: 66 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyExtBidiEnable], len: 4 >[2006/07/17 11:01:29, 10] printing/nt_printing.c:add_new_printer_key(2695) > add_new_printer_key: Inserted new data key [DsSpooler] >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [DsSpooler:description], len: 22 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [DsSpooler:serverName], len: 14 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [DsSpooler:shortServerName], len: 14 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [DsSpooler:uNCName], len: 42 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc_buf nt_printing_getsec >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 max_len: 000000ac >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr : 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 len : 000000ac >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00000c sec_io_desc sec >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c revision : 0001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000e type : 8004 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 off_owner_sid: 0000008c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 off_grp_sid : 0000009c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 off_sacl : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c off_dacl : 00000014 >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_dom_sid owner_sid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0098 sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0099 num_auths : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009a id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009b id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009c id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009d id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009e id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009f id_auth[5] : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 00a0 sub_auths : 00000020 00000220 >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 0000a8 smb_io_dom_sid grp_sid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a8 sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a9 num_auths : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00aa id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ab id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ac id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ad id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ae id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00af id_auth[5] : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 00b0 sub_auths : 00000020 00000220 >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_acl dacl >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0020 revision: 0002 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0022 size : 0078 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 num_aces : 00000004 >[2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000028 sec_io_ace ace_list[00]: >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0029 flags: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a size : 0024 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 00002c sec_io_access info >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c mask: 000f000c >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_dom_sid trustee >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0030 sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0031 num_auths : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0032 id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0033 id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0034 id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0035 id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0036 id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0037 id_auth[5] : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0038 sub_auths : 00000015 438997bc d8e96dfd 7e250c72 000001f4 >[2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00004c sec_io_ace ace_list[01]: >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004c type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004d flags: 09 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004e size : 0024 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000050 sec_io_access info >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 mask: 000f0030 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000054 smb_io_dom_sid trustee >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0054 sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0055 num_auths : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0056 id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0057 id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0058 id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0059 id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 005a id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 005b id_auth[5] : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 005c sub_auths : 00000015 438997bc d8e96dfd 7e250c72 000001f4 >[2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000070 sec_io_ace ace_list[02]: >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0070 type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0071 flags: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 size : 0014 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000074 sec_io_access info >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 mask: 000f000c >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000078 smb_io_dom_sid trustee >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0078 sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0079 num_auths : 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007a id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007b id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007c id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007d id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007e id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007f id_auth[5] : 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0080 sub_auths : 00000000 >[2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 sec_io_ace ace_list[03]: >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0084 type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0085 flags: 09 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0086 size : 0014 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000088 sec_io_access info >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 mask: 000f0030 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_dom_sid trustee >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008c sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008d num_auths : 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008e id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008f id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0090 id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0091 id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0092 id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0093 id_auth[5] : 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0094 sub_auths : 00000000 >[2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5241) > secdesc_ctr for SoRo-Laser2 has 4 aces: >[2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-5-21-1133090748-3639176701-2116357234-500 0 0 0x000f000c >[2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-5-21-1133090748-3639176701-2116357234-500 0 9 0x000f0030 >[2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-1-0 0 0 0x000f000c >[2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-1-0 0 9 0x000f0030 >[2006/07/17 11:01:29, 9] printing/nt_printing.c:get_a_printer_2(3810) > Unpacked printer [SoRo-Laser2] name [\\BAADM1\SoRo-Laser2] running driver [Xerox Document Centre 535 PS] >[2006/07/17 11:01:29, 4] printing/printing.c:print_cache_expired(1080) > print_cache_expired: cache expired for queue SoRo-Laser2 (last_qscan_time = 1153126723, time now = 1153126889, qcachetime = 30) >[2006/07/17 11:01:29, 4] printing/printing.c:print_cache_expired(1096) > print_cache_expired: message already pending for SoRo-Laser2. Accepting cache >[2006/07/17 11:01:29, 10] printing/nt_printing.c:get_c_setprinter(729) > get_c_setprinter: c_setprinter = 30 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_printer_info_0 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000462 smb_io_unistr printername >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_unistr(1224) > 0462 unistr: \.\.B.A.A.D.M.1.\.S.o.R.o.-.L.a.s.e.r.2... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 offset: 00000462 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000450 smb_io_unistr servername >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_unistr(1224) > 0450 unistr: \.\.B.A.A.D.M.1... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 offset: 00000450 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 cjobs: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c total_jobs: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 total_bytes: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 year: 07d6 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 month: 0005 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 dayofweek: 0004 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001a day: 0012 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c hour: 000d >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e minute: 000f >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0020 second: 0019 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0022 milliseconds: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 global_counter: 0000001a >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 total_pages: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c major_version: 0005 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e build_version: 0893 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 unknown7: 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 unknown8: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 unknown9: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c session_counter: 0000001a >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 unknown11: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 printer_errors: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 unknown13: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c unknown14: 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 unknown15: 0000024a >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 unknown16: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 change_id: 0025c19e >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c unknown18: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 status: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 unknown20: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 c_setprinter: 0000001e >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006c unknown22: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006e unknown23: 0006 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 unknown24: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 unknown25: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0074 unknown26: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0076 unknown27: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0078 unknown28: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007a unknown29: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_r_getprinter >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: f000baaa >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 prs_rpcbuffer >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 size: 0000048c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0494 needed: 000000b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0498 status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called spoolss successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 112 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 1208 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7443 name: spoolss len: 4280 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 1180. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 04b4 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00003969 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000049c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..1204] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=1260 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=36033 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1204 (0x4B4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1204 (0x4B4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1205 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 B4 04 00 00 69 39 00 ........ .´...i9. > [010] 00 9C 04 00 00 00 00 00 00 AA BA 00 F0 8C 04 00 ........ .ªº.ð... > [020] 00 62 04 00 00 50 04 00 00 00 00 00 00 00 00 00 .b...P.. ........ > [030] 00 00 00 00 00 D6 07 05 00 04 00 12 00 0D 00 0F .....Ö.. ........ > [040] 00 19 00 00 00 1A 00 00 00 00 00 00 00 05 00 93 ........ ........ > [050] 08 01 00 00 00 00 00 00 00 00 00 00 00 1A 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [070] 00 4A 02 00 00 00 00 00 00 9E C1 25 00 00 00 00 .J...... ..Á%.... > [080] 00 00 00 00 00 00 00 00 00 1E 00 00 00 00 00 06 ........ ........ > [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 176 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0xb0 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3143 of length 180 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=36098 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 3172 (0xC64) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 92 (0x5C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29764 (0x7444) > smb_bcc=109 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 5C 00 00 00 6A 39 00 ........ .\...j9. > [020] 00 44 00 00 00 00 00 1A 00 00 00 00 00 0D 01 00 .D...... ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 0F 00 00 .....éQ» Dä...... > [040] 00 00 00 00 00 0F 00 00 00 57 00 33 00 53 00 76 ........ .W.3.S.v > [050] 00 63 00 49 00 6E 00 73 00 74 00 61 00 6C 00 6C .c.I.n.s .t.a.l.l > [060] 00 65 00 64 00 00 00 00 00 04 00 00 00 .e.d.... ..... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=92 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7444 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=5) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "spoolss" (pnum 7444) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x80446a58 max_trans_reply: 3172 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7444 name: spoolss open: Yes len: 92 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 92 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 76 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 005c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000396a >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 76 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000044 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 001a >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\spoolss >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[2].fn == 0x8011f3d4 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_q_getprinterdata >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd printer handle >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010d >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 valuename >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 uni_max_len: 0000000f >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_str_len: 0000000f >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0020 buffer : W.3.S.v.c.I.n.s.t.a.l.l.e.d... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 size: 00000004 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:_spoolss_getprinterdata(2441) > _spoolss_getprinterdata >[2006/07/17 11:01:29, 8] rpc_server/srv_spoolss_nt.c:getprinterdata_printer_server(2249) > getprinterdata_printer_server:W3SvcInstalled >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_r_getprinterdata >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 type: 00000004 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 size: 00000004 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0008 data: 38 00 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c needed: 00000004 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0010 status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called spoolss successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 34 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 76 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7444 name: spoolss len: 3172 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 20. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000396a >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000014 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..44] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=100 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=36098 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 44 (0x2C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 6A 39 00 ........ .,...j9. > [010] 00 14 00 00 00 00 00 00 00 04 00 00 00 04 00 00 ........ ........ > [020] 00 38 00 00 00 04 00 00 00 00 00 00 00 .8...... ..... >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 1308 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x51c >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3144 of length 1312 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=1308 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=36161 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1224 (0x4C8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 1224 (0x4C8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29763 (0x7443) > smb_bcc=1241 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 C8 04 00 00 6B 39 00 ........ .È...k9. > [020] 00 B0 04 00 00 00 00 08 00 00 00 00 00 0C 01 00 .°...... ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... > [040] 00 00 FB 77 02 8C 04 00 00 00 00 00 00 00 00 00 ..ûw.... ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=1224 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7443 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=5) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "spoolss" (pnum 7443) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8049c548 max_trans_reply: 4280 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7443 name: spoolss open: Yes len: 1224 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 1224 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 1224 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 1224, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 1208 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 1208 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 04c8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000396b >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 1208 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 1208, incoming data = 1208 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 000004b0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0008 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\spoolss >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[9].fn == 0x801201e0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_q_getprinter >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd printer handle >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 level: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 ptr: 0277fb00 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001c prs_rpcbuffer >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c size: 0000048c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 04ac offered: 0000048c >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_spoolss_nt.c:get_printer_snum(391) > short name:SoRo-Laser2 >[2006/07/17 11:01:29, 10] printing/nt_printing.c:get_a_printer(4337) > get_a_printer: [SoRo-Laser2] level 2 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_devicemode(2656) > Unpacked devicemode [\\baadm1\SoRo-Laser2](A4) >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_devicemode(2658) > with a private section of 1230 bytes >[2006/07/17 11:01:29, 10] printing/nt_printing.c:add_new_printer_key(2695) > add_new_printer_key: Inserted new data key [PrinterDriverData] >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:TrayFormSize], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:TrayFormTable], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:FreeMem], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:JobTimeOut], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:Protocol], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PrinterDataSize], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PrinterData], len: 560 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:FeatureKeywordSize], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:FeatureKeyword], len: 67 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:XKEY_UI_MODE], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyAcctSetup], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyAcctSaveCode], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyAcctHideUID], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyAcctHideAID], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyAcctUsage], len: 4 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyDefaultUserId], len: 66 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyDefaultAcctId], len: 66 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyDeviceID], len: 146 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeySNMPNameEdit], len: 66 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [PrinterDriverData:PKeyExtBidiEnable], len: 4 >[2006/07/17 11:01:29, 10] printing/nt_printing.c:add_new_printer_key(2695) > add_new_printer_key: Inserted new data key [DsSpooler] >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [DsSpooler:description], len: 22 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [DsSpooler:serverName], len: 14 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [DsSpooler:shortServerName], len: 14 >[2006/07/17 11:01:29, 8] printing/nt_printing.c:unpack_values(3548) > specific: [DsSpooler:uNCName], len: 42 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc_buf nt_printing_getsec >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 max_len: 000000ac >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr : 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 len : 000000ac >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00000c sec_io_desc sec >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c revision : 0001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000e type : 8004 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 off_owner_sid: 0000008c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 off_grp_sid : 0000009c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 off_sacl : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c off_dacl : 00000014 >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_dom_sid owner_sid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0098 sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0099 num_auths : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009a id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009b id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009c id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009d id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009e id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009f id_auth[5] : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 00a0 sub_auths : 00000020 00000220 >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 0000a8 smb_io_dom_sid grp_sid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a8 sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a9 num_auths : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00aa id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ab id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ac id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ad id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ae id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00af id_auth[5] : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 00b0 sub_auths : 00000020 00000220 >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_acl dacl >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0020 revision: 0002 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0022 size : 0078 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 num_aces : 00000004 >[2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000028 sec_io_ace ace_list[00]: >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0029 flags: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a size : 0024 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 00002c sec_io_access info >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c mask: 000f000c >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_dom_sid trustee >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0030 sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0031 num_auths : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0032 id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0033 id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0034 id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0035 id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0036 id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0037 id_auth[5] : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0038 sub_auths : 00000015 438997bc d8e96dfd 7e250c72 000001f4 >[2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00004c sec_io_ace ace_list[01]: >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004c type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004d flags: 09 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004e size : 0024 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000050 sec_io_access info >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 mask: 000f0030 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000054 smb_io_dom_sid trustee >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0054 sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0055 num_auths : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0056 id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0057 id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0058 id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0059 id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 005a id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 005b id_auth[5] : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 005c sub_auths : 00000015 438997bc d8e96dfd 7e250c72 000001f4 >[2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000070 sec_io_ace ace_list[02]: >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0070 type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0071 flags: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 size : 0014 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000074 sec_io_access info >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 mask: 000f000c >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000078 smb_io_dom_sid trustee >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0078 sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0079 num_auths : 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007a id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007b id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007c id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007d id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007e id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 007f id_auth[5] : 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0080 sub_auths : 00000000 >[2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 sec_io_ace ace_list[03]: >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0084 type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0085 flags: 09 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0086 size : 0014 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000088 sec_io_access info >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 mask: 000f0030 >[2006/07/17 11:01:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_dom_sid trustee >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008c sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008d num_auths : 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008e id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008f id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0090 id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0091 id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0092 id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0093 id_auth[5] : 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0094 sub_auths : 00000000 >[2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5241) > secdesc_ctr for SoRo-Laser2 has 4 aces: >[2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-5-21-1133090748-3639176701-2116357234-500 0 0 0x000f000c >[2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-5-21-1133090748-3639176701-2116357234-500 0 9 0x000f0030 >[2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-1-0 0 0 0x000f000c >[2006/07/17 11:01:29, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-1-0 0 9 0x000f0030 >[2006/07/17 11:01:29, 9] printing/nt_printing.c:get_a_printer_2(3810) > Unpacked printer [SoRo-Laser2] name [\\BAADM1\SoRo-Laser2] running driver [Xerox Document Centre 535 PS] >[2006/07/17 11:01:29, 4] printing/printing.c:print_cache_expired(1080) > print_cache_expired: cache expired for queue SoRo-Laser2 (last_qscan_time = 1153126723, time now = 1153126889, qcachetime = 30) >[2006/07/17 11:01:29, 4] printing/printing.c:print_cache_expired(1096) > print_cache_expired: message already pending for SoRo-Laser2. Accepting cache >[2006/07/17 11:01:29, 10] printing/nt_printing.c:get_c_setprinter(729) > get_c_setprinter: c_setprinter = 30 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_printer_info_0 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000462 smb_io_unistr printername >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_unistr(1224) > 0462 unistr: \.\.B.A.A.D.M.1.\.S.o.R.o.-.L.a.s.e.r.2... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 offset: 00000462 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000450 smb_io_unistr servername >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_unistr(1224) > 0450 unistr: \.\.B.A.A.D.M.1... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 offset: 00000450 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 cjobs: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c total_jobs: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 total_bytes: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 year: 07d6 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 month: 0005 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 dayofweek: 0004 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001a day: 0012 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c hour: 000d >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e minute: 000f >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0020 second: 0019 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0022 milliseconds: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 global_counter: 0000001b >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 total_pages: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c major_version: 0005 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e build_version: 0893 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 unknown7: 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 unknown8: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 unknown9: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c session_counter: 0000001b >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 unknown11: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 printer_errors: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 unknown13: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c unknown14: 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 unknown15: 0000024a >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 unknown16: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 change_id: 0025c19e >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c unknown18: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 status: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 unknown20: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 c_setprinter: 0000001e >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006c unknown22: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006e unknown23: 0006 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 unknown24: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 unknown25: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0074 unknown26: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0076 unknown27: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0078 unknown28: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007a unknown29: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_r_getprinter >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: f000baaa >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 prs_rpcbuffer >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 size: 0000048c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0494 needed: 000000b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0498 status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called spoolss successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 112 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 1208 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7443 name: spoolss len: 4280 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 1180. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 04b4 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000396b >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000049c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..1204] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=1260 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=36161 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1204 (0x4B4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1204 (0x4B4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1205 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 B4 04 00 00 6B 39 00 ........ .´...k9. > [010] 00 9C 04 00 00 00 00 00 00 AA BA 00 F0 8C 04 00 ........ .ªº.ð... > [020] 00 62 04 00 00 50 04 00 00 00 00 00 00 00 00 00 .b...P.. ........ > [030] 00 00 00 00 00 D6 07 05 00 04 00 12 00 0D 00 0F .....Ö.. ........ > [040] 00 19 00 00 00 1B 00 00 00 00 00 00 00 05 00 93 ........ ........ > [050] 08 01 00 00 00 00 00 00 00 00 00 00 00 1B 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [070] 00 4A 02 00 00 00 00 00 00 9E C1 25 00 00 00 00 .J...... ..Á%.... > [080] 00 00 00 00 00 00 00 00 00 1E 00 00 00 00 00 06 ........ ........ > [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x80 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3145 of length 132 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=36226 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 3172 (0xC64) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29764 (0x7444) > smb_bcc=61 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 43 05 00 00 03 10 00 00 00 2C 00 00 00 6C 39 00 C....... .,...l9. > [020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 0D 01 00 ........ ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 .....éQ» Dä... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7444 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=5) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "spoolss" (pnum 7444) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x80446a58 max_trans_reply: 3172 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7444 name: spoolss open: Yes len: 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000396c >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 001d >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\spoolss >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[3].fn == 0x8011f6e7 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_q_closeprinter >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd printer handle >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010d >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0D 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_r_closeprinter >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd printer handle >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called spoolss successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7444 name: spoolss len: 3172 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000396c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=36226 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 6C 39 00 ........ .0...l9. > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x80 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3146 of length 132 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=36290 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29763 (0x7443) > smb_bcc=61 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 6D 39 00 ........ .,...m9. > [020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 0C 01 00 ........ ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 .....éQ» Dä... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7443 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=5) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "spoolss" (pnum 7443) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x8049c548 max_trans_reply: 4280 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7443 name: spoolss open: Yes len: 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000396d >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 001d >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\spoolss >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[3].fn == 0x8011f6e7 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_q_closeprinter >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd printer handle >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0C 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 spoolss_io_r_closeprinter >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd printer handle >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called spoolss successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7443 name: spoolss len: 4280 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000396d >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=556 > smb_uid=101 > smb_mid=36290 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 6D 39 00 ........ .0...m9. > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 100 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x64 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3147 of length 104 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36354 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] F8 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 ø\.l.s.a .r.p.c.. > [010] 00 . >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBntcreateX (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2006/07/17 11:01:29, 4] smbd/nttrans.c:nt_open_pipe(325) > nt_open_pipe: Opening pipe \lsarpc. >[2006/07/17 11:01:29, 3] smbd/nttrans.c:nt_open_pipe(346) > nt_open_pipe: Known pipe lsarpc opening. >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=746a >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7463 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7462 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7444 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7443 >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe lsarpc (pipes_open=5) >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 7476 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7476 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=746a >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7463 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7462 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7444 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7443 >[2006/07/17 11:01:29, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36354 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=30208 (0x7600) > smb_vwv[ 3]= 372 (0x174) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 156 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x9c >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3148 of length 160 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36418 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29814 (0x7476) > smb_bcc=89 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ > [030] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9.±Ð ..¨.ÀOÙ. > [040] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 õ.....]. .ë.É..è. > [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=72 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7476 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7476 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7476) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7476 name: lsarpc open: Yes len: 72 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) > api_pipe_bind_req: decode request. 1523 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 num_contexts: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c context_id : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e num_transfer_syntaxes: 01 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data : 3919286a >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 data : b10c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 data : 11d0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 data : 9b a8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a data : 00 c0 4f d9 2e f5 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 version: 00000000 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 data : 8a885d04 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0028 data : 1ceb >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a data : 11c9 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002c data : 9f e8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002e data : 08 00 2b 10 48 60 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 version: 00000002 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) > api_pipe_bind_req: make response. 1576 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:check_bind_req(985) > check_bind_req for \PIPE\lsarpc >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) > checking \PIPE\lsarpc >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) > checking \PIPE\lsarpc >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 000053f0 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 len: 000c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000a str: \PIPE\lsass. >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_results: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c result : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e reason : 0000 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 8a885d04 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1ceb >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11c9 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9f e8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 08 00 2b 10 48 60 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000002 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 56 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7476 name: lsarpc len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36418 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 110 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x6e >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3149 of length 114 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=110 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36482 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 26 (0x1A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 26 (0x1A) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29814 (0x7476) > smb_bcc=43 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 1A 00 00 00 01 00 00 ........ ........ > [020] 00 02 00 00 00 00 00 00 00 01 00 ........ ... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=26 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7476 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7476 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7476) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7476 name: lsarpc open: Yes len: 26 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 26 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 10 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 001a >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 10 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000002 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0000 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 71 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\lsarpc >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: lsarpc op 0x0 - unknown >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 23 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0020 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_hdr_fault fault >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(793) > 0018 status : DCERPC_FAULT_OP_RNG_ERROR >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c reserved: 00000000 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 10 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7476 name: lsarpc len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36482 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 01 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 41 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x29 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3150 of length 45 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=36546 > smt_wct=3 > smb_vwv[ 0]=29814 (0x7476) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBclose (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7476 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7476 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 5] smbd/pipes.c:reply_pipe_close(282) > reply_pipe_close: pnum:7476 >[2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) > closed pipe name lsarpc pnum=7476 (pipes_open=5) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=36546 > smt_wct=0 > smb_bcc=0 >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 100 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x64 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3151 of length 104 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36610 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. > [010] 00 . >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBntcreateX (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2006/07/17 11:01:29, 4] smbd/nttrans.c:nt_open_pipe(325) > nt_open_pipe: Opening pipe \winreg. >[2006/07/17 11:01:29, 3] smbd/nttrans.c:nt_open_pipe(346) > nt_open_pipe: Known pipe winreg opening. >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested winreg (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=746a >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7463 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7462 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7444 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7443 >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested winreg >[2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe winreg >[2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe winreg >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe winreg (pipes_open=5) >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe winreg with handle 7477 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name winreg pnum=7477 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=746a >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7463 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7462 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7444 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7443 >[2006/07/17 11:01:29, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) > do_ntcreate_pipe_open: open pipe = \winreg >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36610 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=30464 (0x7700) > smb_vwv[ 3]= 372 (0x174) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 156 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x9c >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3152 of length 160 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36674 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29815 (0x7477) > smb_bcc=89 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ > [030] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ..Ð.3D"ñ 1ªª..8.. > [040] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. > [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=72 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7477 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7477 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7477) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7477 name: winreg open: Yes len: 72 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) > api_pipe_bind_req: decode request. 1523 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 num_contexts: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c context_id : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e num_transfer_syntaxes: 01 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data : 338cd001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 data : 2244 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 data : 31f1 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 data : aa aa >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a data : 90 00 38 00 10 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 version: 00000001 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 data : 8a885d04 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0028 data : 1ceb >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a data : 11c9 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002c data : 9f e8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002e data : 08 00 2b 10 48 60 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 version: 00000002 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) > api_pipe_bind_req: make response. 1576 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:check_bind_req(985) > check_bind_req for \PIPE\winreg >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) > checking \PIPE\lsarpc >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) > checking \PIPE\lsarpc >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) > checking \PIPE\samr >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) > checking \PIPE\NETLOGON >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) > checking \PIPE\srvsvc >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) > checking \PIPE\wkssvc >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) > checking \PIPE\winreg >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 000053f0 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 len: 000d >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000a str: \PIPE\winreg. >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000017 smb_io_rpc_results >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_results: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c result : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e reason : 0000 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 8a885d04 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1ceb >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11c9 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9f e8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 08 00 2b 10 48 60 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000002 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 56 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7477 name: winreg len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36674 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE > [020] 5C 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 \winreg. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 120 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x78 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3153 of length 124 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36738 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29815 (0x7477) > smb_bcc=53 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [020] 00 0C 00 00 00 00 00 02 00 84 F4 22 04 88 01 00 ........ ..ô".... > [030] 00 00 00 00 02 ..... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=36 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7477 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7477 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7477) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7477 name: winreg open: Yes len: 36 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 36 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 20 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 20 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 0000000c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0002 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 71 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\winreg >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[3].fn == 0x80102d73 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_open_hive >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: 0422f484 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 server: 0188 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 access: 02000000 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1 >[2006/07/17 11:01:29, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(449) > NT user token: (NULL) >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_open(265) > regdb_open: refcount reset (1) >[2006/07/17 11:01:29, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM] >[2006/07/17 11:01:29, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM] >[2006/07/17 11:01:29, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM] >[2006/07/17 11:01:29, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2006/07/17 11:01:29, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2006/07/17 11:01:29, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-22-1-0. >[2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(250) >[2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 0E 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_open_hive >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010e >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called winreg successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 510 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 20 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7477 name: winreg len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36738 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0E 01 00 ........ ........ > [020] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... > [030] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 252 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0xfc >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3154 of length 256 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=252 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36802 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 168 (0xA8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 168 (0xA8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29815 (0x7477) > smb_bcc=185 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 A8 00 00 00 02 00 00 ........ .¨...... > [020] 00 90 00 00 00 00 00 0F 00 00 00 00 00 0E 01 00 ........ ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 60 00 60 .....éQ» Dä...`.` > [040] 00 98 14 0F 75 30 00 00 00 00 00 00 00 30 00 00 ....u0.. .....0.. > [050] 00 73 00 79 00 73 00 74 00 65 00 6D 00 5C 00 63 .s.y.s.t .e.m.\.c > [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 63 00 6F .u.r.r.e .n.t.c.o > [070] 00 6E 00 74 00 72 00 6F 00 6C 00 73 00 65 00 74 .n.t.r.o .l.s.e.t > [080] 00 5C 00 63 00 6F 00 6E 00 74 00 72 00 6F 00 6C .\.c.o.n .t.r.o.l > [090] 00 5C 00 70 00 72 00 6F 00 64 00 75 00 63 00 74 .\.p.r.o .d.u.c.t > [0A0] 00 6F 00 70 00 74 00 69 00 6F 00 6E 00 73 00 00 .o.p.t.i .o.n.s.. > [0B0] 00 00 00 00 00 19 00 02 00 ........ . >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=168 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7477 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7477 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7477) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7477 name: winreg open: Yes len: 168 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 168 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 152 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 00a8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 152 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 152, incoming data = 152 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000090 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 000f >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\winreg >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[1].fn == 0x80102fe6 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_open_entry >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010e >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 prs_unistr4 name >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 length: 0060 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size: 0060 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 ptr: 750f1498 >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 name >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_max_len: 00000030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_str_len: 00000030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0028 buffer : s.y.s.t.e.m.\.c.u.r.r.e.n.t.c.o.n.t.r.o.l.s.e.t.\.c.o.n.t.r.o.l.\.p.r.o.d.u.c.t.o.p.t.i.o.n.s... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 unknown_0 : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 008c access: 00020019 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0E 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (1) >[2006/07/17 11:01:29, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\system\currentcontrolset\control\productoptions] >[2006/07/17 11:01:29, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/system/currentcontrolset/control/productoptions] >[2006/07/17 11:01:29, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/system/currentcontrolset/control/productoptions] >[2006/07/17 11:01:29, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2006/07/17 11:01:29, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2006/07/17 11:01:29, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00020019, for NT token with 6 entries and first sid S-1-22-1-0. >[2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(250) >[2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019 >[2006/07/17 11:01:29, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (20019) granted. >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 0F 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_open_entry >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd handle >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010f >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called winreg successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 620 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 152 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7477 name: winreg len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36802 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0F 01 00 ........ ........ > [020] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... > [030] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 200 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0xc8 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3155 of length 204 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=200 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36866 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 116 (0x74) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29815 (0x7477) > smb_bcc=133 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 74 00 00 00 03 00 00 ........ .t...... > [020] 00 5C 00 00 00 00 00 11 00 00 00 00 00 0F 01 00 .\...... ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 18 00 18 .....éQ» Dä...... > [040] 00 80 14 0F 75 0C 00 00 00 00 00 00 00 0C 00 00 ....u... ........ > [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T > [060] 00 79 00 70 00 65 00 00 00 B0 F4 22 04 00 00 00 .y.p.e.. .°ô".... > [070] 00 00 00 00 00 A8 F4 22 04 00 00 00 00 A0 F4 22 .....¨ô" ..... ô" > [080] 04 00 00 00 00 ..... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=116 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7477 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7477 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7477) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7477 name: winreg open: Yes len: 116 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 116 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 116 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 100 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 100 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0074 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 100 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 100, incoming data = 100 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 0000005c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0011 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\winreg >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[10].fn == 0x801030bd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_query_value >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010f >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 prs_unistr4 name >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 length: 0018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size: 0018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 ptr: 750f1480 >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 name >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_max_len: 0000000c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_str_len: 0000000c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 ptr_reserved: 0422f4b0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 ptr_buf: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 unk1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c ptr_buflen: 0422f4a8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 buflen: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 ptr_buflen2: 0422f4a0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 buflen2: 00000000 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0F 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) > _reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] >[2006/07/17 11:01:29, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) > _reg_info: policy key type = [00000000] >[2006/07/17 11:01:29, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) > _reg_info: looking up value: [ProductType] >[2006/07/17 11:01:29, 8] registry/reg_frontend.c:fetch_reg_values_specific(298) > fetch_reg_values_specific: Updating cache of values for [HKLM\system\currentcontrolset\control\productoptions] >[2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_fetch_values(563) > regdb_fetch_values: Looking for value of key [HKLM\system\currentcontrolset\control\productoptions] >[2006/07/17 11:01:29, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) > _reg_info: Testing value [ProductType] >[2006/07/17 11:01:29, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) > _reg_info: Found match for value [ProductType] >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_query_value >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: f000baaa >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 type: 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 ptr: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c ptr: f000baaa >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 buf_max_len: 00000012 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 ptr: f000baaa >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 buf_len: 00000012 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 001c status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called winreg successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 70 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 100 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7477 name: winreg len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0038 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000020 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..56] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36866 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 AA BA 00 F0 01 00 00 . ...... .ªº.ð... > [020] 00 00 00 00 00 AA BA 00 F0 12 00 00 00 AA BA 00 .....ªº. ð....ªº. > [030] F0 12 00 00 00 00 00 00 00 ð....... . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 212 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0xd4 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3156 of length 216 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=212 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36930 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 128 (0x80) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29815 (0x7477) > smb_bcc=145 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 80 00 00 00 04 00 00 ........ ........ > [020] 00 68 00 00 00 00 00 11 00 00 00 00 00 0F 01 00 .h...... ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 18 00 18 .....éQ» Dä...... > [040] 00 80 14 0F 75 0C 00 00 00 00 00 00 00 0C 00 00 ....u... ........ > [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T > [060] 00 79 00 70 00 65 00 00 00 B0 F4 22 04 90 DB 0D .y.p.e.. .°ô"..Û. > [070] 00 90 DB 0D 00 12 00 00 00 00 00 00 00 00 00 00 ..Û..... ........ > [080] 00 A8 F4 22 04 12 00 00 00 A0 F4 22 04 00 00 00 .¨ô".... . ô".... > [090] 00 . >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=128 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7477 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7477 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7477) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7477 name: winreg open: Yes len: 128 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 128 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 112 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0080 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 112 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 112, incoming data = 112 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000068 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0011 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\winreg >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[10].fn == 0x801030bd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_query_value >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010f >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 prs_unistr4 name >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 length: 0018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size: 0018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 ptr: 750f1480 >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 name >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_max_len: 0000000c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_str_len: 0000000c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 ptr_reserved: 0422f4b0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 ptr_buf: 000ddb90 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 ptr_bufsize: 000ddb90 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c bufsize: 00000012 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 buf_unk: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 unk1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_buflen: 0422f4a8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buflen: 00000012 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 ptr_buflen2: 0422f4a0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buflen2: 00000000 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0F 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) > _reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] >[2006/07/17 11:01:29, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) > _reg_info: policy key type = [00000000] >[2006/07/17 11:01:29, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) > _reg_info: looking up value: [ProductType] >[2006/07/17 11:01:29, 8] registry/reg_frontend.c:fetch_reg_values_specific(298) > fetch_reg_values_specific: Updating cache of values for [HKLM\system\currentcontrolset\control\productoptions] >[2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_fetch_values(563) > regdb_fetch_values: Looking for value of key [HKLM\system\currentcontrolset\control\productoptions] >[2006/07/17 11:01:29, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) > _reg_info: Testing value [ProductType] >[2006/07/17 11:01:29, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) > _reg_info: Found match for value [ProductType] >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_query_value >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: f000baaa >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 type: 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 ptr: f000baaa >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000c smb_io_regval_buffer value >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c buf_max_len: 00000012 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 buf_len : 00000012 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0018 buffer : L.a.n.m.a.n.N.T... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c ptr: f000baaa >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 buf_max_len: 00000012 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 ptr: f000baaa >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 buf_len: 00000012 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 003c status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called winreg successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 86 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 112 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7477 name: winreg len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 64. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000040 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..88] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36930 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 58 00 00 00 04 00 00 ........ .X...... > [010] 00 40 00 00 00 00 00 00 00 AA BA 00 F0 01 00 00 .@...... .ªº.ð... > [020] 00 AA BA 00 F0 12 00 00 00 00 00 00 00 12 00 00 .ªº.ð... ........ > [030] 00 4C 00 61 00 6E 00 6D 00 61 00 6E 00 4E 00 54 .L.a.n.m .a.n.N.T > [040] 00 00 00 00 00 AA BA 00 F0 12 00 00 00 AA BA 00 .....ªº. ð....ªº. > [050] F0 12 00 00 00 00 00 00 00 ð....... . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x80 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3157 of length 132 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36994 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29815 (0x7477) > smb_bcc=61 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 0F 01 00 ........ ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 .....éQ» Dä... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7477 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7477 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7477) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7477 name: winreg open: Yes len: 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0005 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\winreg >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[0].fn == 0x80102c9c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_close >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010f >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0F 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0F 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (1) >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_close >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called winreg successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7477 name: winreg len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=36994 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x80 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3158 of length 132 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37058 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29815 (0x7477) > smb_bcc=61 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 0E 01 00 ........ ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 .....éQ» Dä... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7477 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7477 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "winreg" (pnum 7477) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7477 name: winreg open: Yes len: 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000006 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0005 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\winreg >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[0].fn == 0x80102c9c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_close >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 0000010e >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0E 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 0E 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/07/17 11:01:29, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (0) >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_close >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_werror(824) > 0014 status: WERR_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called winreg successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7477 name: winreg len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000006 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37058 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 41 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x29 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3159 of length 45 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=37122 > smt_wct=3 > smb_vwv[ 0]=29815 (0x7477) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBclose (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7477 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name winreg pnum=7477 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 5] smbd/pipes.c:reply_pipe_close(282) > reply_pipe_close: pnum:7477 >[2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe winreg >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) > closed pipe name winreg pnum=7477 (pipes_open=5) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=37122 > smt_wct=0 > smb_bcc=0 >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 100 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x64 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3160 of length 104 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37186 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBntcreateX (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2006/07/17 11:01:29, 4] smbd/nttrans.c:nt_open_pipe(325) > nt_open_pipe: Opening pipe \lsarpc. >[2006/07/17 11:01:29, 3] smbd/nttrans.c:nt_open_pipe(346) > nt_open_pipe: Known pipe lsarpc opening. >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=5) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=746a >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7463 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7462 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7444 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name spoolss pnum=7443 >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe lsarpc (pipes_open=5) >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 7478 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7478 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=746a >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7463 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7462 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7444 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name spoolss pnum=7443 >[2006/07/17 11:01:29, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37186 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=30720 (0x7800) > smb_vwv[ 3]= 372 (0x174) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 156 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x9c >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3161 of length 160 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37250 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29816 (0x7478) > smb_bcc=89 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ > [030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.Í «ï..#Eg. > [040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 «.....]. .ë.É..è. > [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=72 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7478 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7478 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7478) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7478 name: lsarpc open: Yes len: 72 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 72 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 56 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) > api_pipe_bind_req: decode request. 1523 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0008 num_contexts: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c context_id : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 000e num_transfer_syntaxes: 01 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 data : 12345778 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 data : 1234 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 data : abcd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 data : ef 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a data : 01 23 45 67 89 ab >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 version: 00000000 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 data : 8a885d04 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0028 data : 1ceb >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a data : 11c9 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002c data : 9f e8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002e data : 08 00 2b 10 48 60 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 version: 00000002 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) > api_pipe_bind_req: make response. 1576 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe.c:check_bind_req(985) > check_bind_req for \PIPE\lsarpc >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe.c:check_bind_req(990) > checking \PIPE\lsarpc >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 max_tsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 max_rsize: 10b8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 assoc_gid: 000053f0 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 len: 000c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000a str: \PIPE\lsass. >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_results: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c result : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e reason : 0000 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 8a885d04 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1ceb >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11c9 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9f e8 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 08 00 2b 10 48 60 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000002 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 56 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7478 name: lsarpc len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37250 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 168 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0xa8 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3162 of length 172 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37314 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 84 (0x54) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 84 (0x54) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29816 (0x7478) > smb_bcc=101 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 54 00 00 00 01 00 00 ........ .T...... > [020] 00 3C 00 00 00 00 00 2C 00 38 4E 16 00 07 00 00 .<....., .8N..... > [030] 00 00 00 00 00 07 00 00 00 42 00 41 00 41 00 44 ........ .B.A.A.D > [040] 00 4D 00 31 00 00 00 00 00 18 00 00 00 00 00 00 .M.1.... ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 01 00 00 00 ..... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=84 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7478 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7478 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7478) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7478 name: lsarpc open: Yes len: 84 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 84 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 84 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 84, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 68 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 68 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0054 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 68 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 68, incoming data = 68 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 0000003c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 002c >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 71 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\lsarpc >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[0].fn == 0x800fb618 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol2 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr : 00164e38 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 00000007 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 00000007 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : B.A.A.D.M.1... >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001e lsa_io_obj_attr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 len : 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 ptr_root_dir: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 ptr_obj_name: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c attributes : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 ptr_sec_desc: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 ptr_sec_qos : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 des_access: 00000001 >[2006/07/17 11:01:29, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 12 entries and first sid S-1-5-21-1133090748-3639176701-2116357234-3000. >[2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(250) >[2006/07/17 11:01:29, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-1133090748-3639176701-2116357234-3000 > se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-513 > se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-550 > se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-3003 > se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-3095 > se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-3119 > se_access_check: also S-1-5-21-1133090748-3639176701-2116357234-3121 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 1 >[2006/07/17 11:01:29, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 10 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol2 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000110 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called lsarpc successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 814 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 68 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7478 name: lsarpc len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37314 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 10 01 00 ........ ........ > [020] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 00 00 00 .....éQ» Dä...... > [030] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 130 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x82 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3163 of length 134 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37378 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29816 (0x7478) > smb_bcc=63 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 10 01 00 ........ ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 03 00 .....éQ» Dä..... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=46 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7478 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7478 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7478) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7478 name: lsarpc open: Yes len: 46 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 46 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002e >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000016 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0007 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\lsarpc >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[2].fn == 0x800fba15 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000110 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 info_class: 0003 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 10 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 dom_ptr: 22000000 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 lsa_io_query_info_ctr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 info_class: 0003 >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000006 lsa_io_dom_query_3 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 uni_dom_max_len: 0018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a uni_dom_str_len: 001a >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c buffer_dom_name: 00000001 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 buffer_dom_sid : 00000001 >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 unistr2 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 uni_max_len: 0000000d >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 offset : 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_str_len: 0000000c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0020 buffer : B.A.U.M.A.N.N.-.G.M.B.H. >[2006/07/17 11:01:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_dom_sid2 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 num_auths: 00000004 >[2006/07/17 11:01:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00003c smb_io_dom_sid sid >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003c sid_rev_num: 01 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003d num_auths : 04 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003e id_auth[0] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003f id_auth[1] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0040 id_auth[2] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0041 id_auth[3] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0042 id_auth[4] : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0043 id_auth[5] : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0044 sub_auths : 00000015 438997bc d8e96dfd 7e250c72 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0054 status: NT_STATUS_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called lsarpc successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 26 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 30 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7478 name: lsarpc len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 88. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0070 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000058 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..112] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37378 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=113 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 70 00 00 00 02 00 00 ........ .p...... > [010] 00 58 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .X...... ...."... > [020] 00 18 00 1A 00 01 00 00 00 01 00 00 00 0D 00 00 ........ ........ > [030] 00 00 00 00 00 0C 00 00 00 42 00 41 00 55 00 4D ........ .B.A.U.M > [040] 00 41 00 4E 00 4E 00 2D 00 47 00 4D 00 42 00 48 .A.N.N.- .G.M.B.H > [050] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [060] 00 BC 97 89 43 FD 6D E9 D8 72 0C 25 7E 00 00 00 .¼..Cýmé Ør.%~... > [070] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 130 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x82 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3164 of length 134 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37442 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29816 (0x7478) > smb_bcc=63 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 10 01 00 ........ ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 06 00 .....éQ» Dä..... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=46 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7478 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7478 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7478) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7478 name: lsarpc open: Yes len: 46 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 46 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002e >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 30 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000016 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0007 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\lsarpc >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[2].fn == 0x800fba15 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000110 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 info_class: 0006 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 10 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 dom_ptr: 22000000 >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 lsa_io_query_info_ctr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 info_class: 0006 >[2006/07/17 11:01:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000006 lsa_io_dom_query_6 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 server_role: 0003 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0008 status: NT_STATUS_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called lsarpc successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 30 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7478 name: lsarpc len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000000c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37442 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 03 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 00 00 00 22 06 00 03 ........ ...."... > [020] 00 00 00 00 00 ..... >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 128 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x80 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3165 of length 132 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37506 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29816 (0x7478) > smb_bcc=61 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 30 .\.P.I.P .E.\...0 > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 10 01 00 ........ ........ > [030] 00 00 00 00 00 E9 51 BB 44 E4 14 00 00 .....éQ» Dä... >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBtrans (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 3] smbd/ipc.c:handle_trans(373) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/07/17 11:01:29, 5] smbd/ipc.c:handle_trans(404) > calling named_pipe >[2006/07/17 11:01:29, 3] smbd/ipc.c:named_pipe(340) > named pipe command on <> name >[2006/07/17 11:01:29, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7478 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7478 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 3] smbd/ipc.c:api_fd_reply(300) > Got API command 0x26 on pipe "lsarpc" (pnum 7478) >[2006/07/17 11:01:29, 10] smbd/ipc.c:api_fd_reply(305) > api_fd_reply: p:0x803f7510 max_trans_reply: 1024 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) > write_to_pipe: 7478 name: lsarpc open: Yes len: 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 16 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) > write_to_pipe: data_left = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 alloc_hint: 00000014 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 opnum : 0000 >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) > Requested \PIPE\lsarpc >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) > api_rpc_cmds[4].fn == 0x800fbf06 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_close >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000110 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: e9 51 bb 44 e4 14 00 00 >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 10 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 10 01 00 00 00 00 00 00 E9 51 BB 44 ........ ....éQ»D > [010] E4 14 00 00 ä... >[2006/07/17 11:01:29, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_close >[2006/07/17 11:01:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) > api_rpcTNP: called lsarpc successfully >[2006/07/17 11:01:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) > write_to_pipe: data_used = 28 >[2006/07/17 11:01:29, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) > read_from_pipe: 7478 name: lsarpc len: 1024 >[2006/07/17 11:01:29, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/07/17 11:01:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/07/17 11:01:29, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=4860 > smb_uid=101 > smb_mid=37506 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/07/17 11:01:29, 10] lib/util.c:dump_data(2215) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 41 >[2006/07/17 11:01:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x29 >[2006/07/17 11:01:29, 3] smbd/process.c:process_smb(1110) > Transaction 3166 of length 45 >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=37570 > smt_wct=3 > smb_vwv[ 0]=29816 (0x7478) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/07/17 11:01:29, 3] smbd/process.c:switch_message(914) > switch message SMBclose (pid 5348) conn 0x8048e630 >[2006/07/17 11:01:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_nt_user_token(455) > NT user token of user S-1-5-21-1133090748-3639176701-2116357234-3000 > contains 12 SIDs > SID[ 0]: S-1-5-21-1133090748-3639176701-2116357234-3000 > SID[ 1]: S-1-5-21-1133090748-3639176701-2116357234-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1133090748-3639176701-2116357234-513 > SID[ 6]: S-1-5-21-1133090748-3639176701-2116357234-550 > SID[ 7]: S-1-5-21-1133090748-3639176701-2116357234-3003 > SID[ 8]: S-1-5-21-1133090748-3639176701-2116357234-3095 > SID[ 9]: S-1-5-21-1133090748-3639176701-2116357234-3119 > SID[ 10]: S-1-5-21-1133090748-3639176701-2116357234-3121 > SID[ 11]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/07/17 11:01:29, 5] auth/auth_util.c:debug_unix_user_token(475) > UNIX token of user 0 > Primary group is 512 and contains 7 supplementary groups > Group[ 0]: 512 > Group[ 1]: 513 > Group[ 2]: 550 > Group[ 3]: 1001 > Group[ 4]: 1047 > Group[ 5]: 1059 > Group[ 6]: 1060 >[2006/07/17 11:01:29, 5] smbd/uid.c:change_to_user(260) > change_to_user uid=(0,0) gid=(0,512) >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) > search for pipe pnum=7478 >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name lsarpc pnum=7478 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=746a (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7463 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7462 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7444 (pipes_open=6) >[2006/07/17 11:01:29, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) > pipe name spoolss pnum=7443 (pipes_open=6) >[2006/07/17 11:01:29, 5] smbd/pipes.c:reply_pipe_close(282) > reply_pipe_close: pnum:7478 >[2006/07/17 11:01:29, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2006/07/17 11:01:29, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) > closed pipe name lsarpc pnum=7478 (pipes_open=5) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(478) >[2006/07/17 11:01:29, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=37570 > smt_wct=0 > smb_bcc=0 >[2006/07/17 11:01:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2006/07/17 11:01:31, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2043">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 3941
: 2043 |
2044