[2003/10/18 14:42:05, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/18 14:42:05, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/18 14:42:05, 2] lib/interface.c:add_interface(79) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2003/10/18 14:42:05, 2] lib/interface.c:add_interface(79) added interface ip=192.168.0.102 bcast=192.168.0.255 nmask=255.255.255.0 [2003/10/18 14:42:05, 5] lib/hash.c:hash_table_init(67) Hash size = 521. [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_KEEPALIVE = 1 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_REUSEADDR = 1 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_BROADCAST = 0 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option TCP_NODELAY = 1 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option IPTOS_LOWDELAY = 0 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option IPTOS_THROUGHPUT = 0 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDBUF = 16384 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVBUF = 87380 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDLOWAT = 1 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVLOWAT = 1 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDTIMEO = 0 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVTIMEO = 0 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_KEEPALIVE = 1 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_REUSEADDR = 1 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_BROADCAST = 0 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option TCP_NODELAY = 1 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option IPTOS_LOWDELAY = 0 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option IPTOS_THROUGHPUT = 0 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDBUF = 16384 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVBUF = 87380 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDLOWAT = 1 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVLOWAT = 1 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDTIMEO = 0 [2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVTIMEO = 0 [2003/10/18 14:44:41, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/lib/samba/gencache.tdb [2003/10/18 14:44:41, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_context_list(535) Trying to load: ldapsam:ldap://localhost:389 [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(55) Attempting to register passdb backend ldapsam [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(68) Successfully added passdb backend 'ldapsam' [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(55) Attempting to register passdb backend ldapsam_compat [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(68) Successfully added passdb backend 'ldapsam_compat' [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(55) Attempting to register passdb backend smbpasswd [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(68) Successfully added passdb backend 'smbpasswd' [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(55) Attempting to register passdb backend tdbsam [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(68) Successfully added passdb backend 'tdbsam' [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(55) Attempting to register passdb backend guest [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(68) Successfully added passdb backend 'guest' [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(431) Attempting to find an passdb backend to match ldapsam:ldap://localhost:389 (ldapsam) [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(452) Found pdb backend ldapsam [2003/10/18 14:44:41, 2] lib/smbldap.c:smbldap_search_domain_info(1295) Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UTBILDNING))] [2003/10/18 14:44:41, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UTBILDNING))] [2003/10/18 14:44:41, 2] lib/smbldap.c:smbldap_open_connection(623) smbldap_open_connection: connection opened [2003/10/18 14:44:41, 3] lib/smbldap.c:smbldap_connect_system(785) ldap_connect_system: succesful connection to the LDAP server [2003/10/18 14:44:41, 4] lib/smbldap.c:smbldap_open(836) The LDAP server is succesful connected [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(455) pdb backend ldapsam:ldap://localhost:389 has a valid init [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_context_list(535) Trying to load: guest [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(431) Attempting to find an passdb backend to match guest (guest) [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(452) Found pdb backend guest [2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(455) pdb backend guest has a valid init [2003/10/18 14:44:41, 3] smbd/oplock.c:init_oplocks(1226) open_oplock_ipc: opening loopback UDP socket. [2003/10/18 14:44:41, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel oplocks enabled [2003/10/18 14:44:41, 3] smbd/oplock.c:init_oplocks(1257) open_oplock ipc: pid = 2893, global_oplock_port = 32769 [2003/10/18 14:44:41, 4] lib/time.c:get_serverzone(122) Serverzone is -7200 [2003/10/18 14:44:41, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2003/10/18 14:44:41, 2] lib/access.c:check_access(324) Allowed connection from (192.168.0.100) [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 0 of length 72 [2003/10/18 14:44:41, 2] smbd/reply.c:reply_special(93) netbios connect: name1=STUDENT name2=CITADELXP [2003/10/18 14:44:41, 2] smbd/reply.c:reply_special(100) netbios connect: local=student remote=citadelxp, name type = 0 [2003/10/18 14:44:41, 5] smbd/connection.c:claim_connection(170) claiming 0 [2003/10/18 14:44:41, 5] smbd/reply.c:reply_special(142) init msg_type=0x81 msg_flags=0x0 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 1 of length 137 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN1.0] [2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [Windows for Workgroups 3.1a] [2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LM1.2X002] [2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN2.1] [2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [NT LM 0.12] [2003/10/18 14:44:41, 3] smbd/negprot.c:reply_nt1(329) using SPNEGO [2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(532) Selected protocol NT LM 0.12 [2003/10/18 14:44:41, 5] smbd/negprot.c:reply_negprot(538) negprot index=5 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=19712 (0x4D00) smb_vwv[ 8]= 11 (0xB) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=11202 (0x2BC2) smb_vwv[13]=30105 (0x7599) smb_vwv[14]=50069 (0xC395) smb_vwv[15]=34817 (0x8801) smb_vwv[16]=15103 (0x3AFF) smb_bcc=58 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 2 of length 232 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=228 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 228 (0xE4) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 66 (0x42) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=169 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) wct=12 flg2=0xc807 [2003/10/18 14:44:41, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) Doing spnego session setup [2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] [2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_spnego_negotiate(385) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_spnego_negotiate(388) Got secblob of size 32 [2003/10/18 14:44:41, 5] auth/auth.c:make_auth_context_subsystem(492) Using specified auth order [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend rhosts [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'rhosts' [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend hostsequiv [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'hostsequiv' [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam' [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam_ignoredomain [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam_ignoredomain' [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend unix [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'unix' [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend winbind [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'winbind' [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend smbserver [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'smbserver' [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend trustdomain [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'trustdomain' [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend ntdomain [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'ntdomain' [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend guest [2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'guest' [2003/10/18 14:44:41, 5] auth/auth.c:load_auth_module(370) load_auth_module: Attempting to find an auth method to match guest [2003/10/18 14:44:41, 5] auth/auth.c:load_auth_module(395) load_auth_module: auth method guest has a valid init [2003/10/18 14:44:41, 5] auth/auth.c:load_auth_module(370) load_auth_module: Attempting to find an auth method to match sam [2003/10/18 14:44:41, 5] auth/auth.c:load_auth_module(395) load_auth_module: auth method sam has a valid init [2003/10/18 14:44:41, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33) Got NTLMSSP neg_flags=0xe0088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2003/10/18 14:44:41, 5] auth/auth.c:get_ntlm_challenge(93) auth_get_challenge: module guest did not want to specify a challenge [2003/10/18 14:44:41, 5] auth/auth.c:get_ntlm_challenge(93) auth_get_challenge: module sam did not want to specify a challenge [2003/10/18 14:44:41, 5] auth/auth.c:get_ntlm_challenge(132) auth_context challenge created by random [2003/10/18 14:44:41, 5] auth/auth.c:get_ntlm_challenge(133) challenge is: [2003/10/18 14:44:41, 5] lib/util.c:dump_data(1825) [000] 26 DA 0E 49 8A 5B 1B 09 &Ú.I.[.. [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 3 of length 354 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=350 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 350 (0x15E) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 188 (0xBC) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=291 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) wct=12 flg2=0xc807 [2003/10/18 14:44:41, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) Doing spnego session setup [2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] [2003/10/18 14:44:41, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286) Got user=[administrator] domain=[utbildning] workstation=[CITADELXP] len1=24 len2=24 [2003/10/18 14:44:41, 4] lib/username.c:map_username(132) Scanning username map /etc/samba/users.map [2003/10/18 14:44:41, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user [utbildning]\[administrator] from workstation [CITADELXP] [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299) secrets_fetch failed! [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172) no entry for trusted domain utbildning found. [2003/10/18 14:44:41, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for administrator (administrator) [2003/10/18 14:44:41, 5] auth/auth_util.c:make_user_info(142) making strings for administrator's user_info struct [2003/10/18 14:44:41, 5] auth/auth_util.c:make_user_info(184) making blobs for administrator's user_info struct [2003/10/18 14:44:41, 3] auth/auth.c:check_ntlm_password(216) check_ntlm_password: Checking password for unmapped user [utbildning]\[administrator]@[CITADELXP] with the new password interface [2003/10/18 14:44:41, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: mapped user is: [utbildning]\[administrator]@[CITADELXP] [2003/10/18 14:44:41, 5] lib/util.c:dump_data(1825) [000] 26 DA 0E 49 8A 5B 1B 09 &Ú.I.[.. [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(uid=administrator)(objectclass=sambaSamAccount))] [2003/10/18 14:44:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: Administrator [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 4] auth/auth_sam.c:sam_password_ok(208) sam_password_ok: Checking NT MD4 password [2003/10/18 14:44:41, 4] auth/auth_sam.c:sam_account_ok(309) sam_account_ok: Checking SMB password for user Administrator [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 250 Primary group is 512 and contains 3 supplementary groups Group[ 0]: 512 Group[ 1]: 512 Group[ 2]: 544 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=512))] [2003/10/18 14:44:41, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1630) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Query was: ou=Groups,dc=utb,dc=com,dc=utb,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=512)) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=544))] [2003/10/18 14:44:41, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1630) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Query was: ou=Groups,dc=utb,dc=com,dc=utb,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=544)) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:make_server_info_sam(838) make_server_info_sam: made server info for user Administrator -> Administrator [2003/10/18 14:44:41, 3] auth/auth.c:check_ntlm_password(265) check_ntlm_password: sam authentication for user [administrator] succeeded [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth.c:check_ntlm_password(289) check_ntlm_password: PAM Account for user [Administrator] succeeded [2003/10/18 14:44:41, 2] auth/auth.c:check_ntlm_password(302) check_ntlm_password: authentication for user [administrator] -> [administrator] -> [Administrator] succeeded [2003/10/18 14:44:41, 5] auth/auth_util.c:free_user_info(1185) attempting to free (and zero) a user_info structure [2003/10/18 14:44:41, 3] smbd/password.c:register_vuid(207) User name: Administrator Real name: Administrator [2003/10/18 14:44:41, 3] smbd/password.c:register_vuid(225) UNIX uid 250 is UNIX user Administrator, and will be vuid 100 [2003/10/18 14:44:41, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp [2003/10/18 14:44:41, 3] smbd/password.c:register_vuid(241) Adding/updating homes service for user 'Administrator' using home directory: '/tmp' [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 4 of length 84 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=80 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=37 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:41, 4] smbd/reply.c:reply_tcon_and_X(266) Client requested device type [?????] for share [IPC$] [2003/10/18 14:44:41, 5] smbd/service.c:make_connection(869) making a connection to 'normal' service ipc$ [2003/10/18 14:44:41, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2003/10/18 14:44:41, 2] lib/access.c:check_access(324) Allowed connection from (192.168.0.100) [2003/10/18 14:44:41, 5] lib/username.c:Get_Pwnam(288) Finding user Administrator [2003/10/18 14:44:41, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is administrator [2003/10/18 14:44:41, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals did find user [Administrator]! [2003/10/18 14:44:41, 0] smbd/service.c:set_admin_user(321) Administrator logged in as admin user (root privileges) [2003/10/18 14:44:41, 3] smbd/service.c:make_connection_snum(543) Connect path is '/tmp' for service [IPC$] [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:get_current_groups(171) get_current_groups: user is in 2 groups: 512, 544 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:get_current_groups(171) get_current_groups: user is in 2 groups: 512, 544 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(uid=root)(objectclass=sambaSamAccount))] [2003/10/18 14:44:41, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1036) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 4] passdb/passdb.c:local_uid_to_sid(1112) local_uid_to_sid: User root [uid == 0] has no samba account [2003/10/18 14:44:41, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 [2003/10/18 14:44:41, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 [2003/10/18 14:44:41, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 544 -> S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) get_share_security: using default secdesc for IPC$ [2003/10/18 14:44:41, 3] lib/util_seaccess.c:se_access_check(251) [2003/10/18 14:44:41, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-1000 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (2) granted. [2003/10/18 14:44:41, 3] smbd/vfs.c:vfs_init_default(201) Initialising default vfs hooks [2003/10/18 14:44:41, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 3] smbd/service.c:make_connection_snum(705) citadelxp (192.168.0.100) connect to service IPC$ initially as user Administrator (uid=0, gid=512) (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:41, 3] smbd/reply.c:reply_tcon_and_X(314) tconX service=IPC$ [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 5 of length 104 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 4] smbd/vfs.c:vfs_ChDir(611) vfs_ChDir to /tmp [2003/10/18 14:44:41, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \lsarpc. [2003/10/18 14:44:41, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe lsarpc opening. [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested lsarpc (pipes_open=0) [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested lsarpc [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe lsarpc (pipes_open=0) [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe lsarpc with handle 76f4 (pipes_open=1) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=76f4 [2003/10/18 14:44:41, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \lsarpc [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=256 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=62464 (0xF400) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 6 of length 140 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30452 (0x76F4) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) api_pipe_bind_req: decode request. 843 [2003/10/18 14:44:41, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_elements: 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000c context_id : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e num_syntaxes: 01 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 data : 12345778 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 data : 1234 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 data : abcd [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data : ef 00 01 23 45 67 89 ab [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 version: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 data : 8a885d04 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 data : 1ceb [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a data : 11c9 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 version: 00000002 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) api_pipe_bind_req: make response. 984 [2003/10/18 14:44:41, 3] rpc_server/srv_pipe.c:check_bind_req(726) check_bind_req for \PIPE\lsarpc [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 000053f0 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 len: 000c [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000a str: \PIPE\lsass. [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0018 num_results: 01 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c result : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e reason : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 8a885d04 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1ceb [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11c9 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000002 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:41, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=76f4 nwritten=72 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=320 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 7 of length 63 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30452 (0x76F4) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:41, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=76f4 min=1024 max=1024 nread=68 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 8 of length 176 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=105 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=88 params=0 setup=2 [2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000040 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 002c [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\lsarpc [2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol2 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr : 00149910 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000a [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000a [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.S.T.U.D.E.N.T... [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 len : 00000018 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 ptr_root_dir: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c ptr_obj_name: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 attributes : 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 ptr_sec_desc: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 ptr_sec_qos : 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 003c des_access: 02000000 [2003/10/18 14:44:41, 3] lib/util_seaccess.c:se_access_check(251) [2003/10/18 14:44:41, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_open_pol2 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: b9 35 91 3f 4d 0b 00 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called lsarpc successfully [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 820 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 9 of length 134 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=512 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=63 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=46 params=0 setup=2 [2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002e [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000016 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 002e [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\lsarpc [2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: lsarpc op 0x2e - unknown [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 23 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0020 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_hdr_fault fault [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0018 status : NT code 0x1c010002 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c reserved: 00000000 [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..32] [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=512 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 10 of length 134 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=576 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=63 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=46 params=0 setup=2 [2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002e [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000016 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0007 [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\lsarpc [2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: b9 35 91 3f 4d 0b 00 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 info_class: 0003 [2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_query [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 22000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 info_class: 0003 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 uni_dom_max_len: 0016 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a uni_dom_str_len: 0018 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c buffer_dom_name: 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 buffer_dom_sid : 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 uni_max_len: 0000000c [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 offset : 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c uni_str_len: 0000000b [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0020 buffer : U.T.B.I.L.D.N.I.N.G... [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 num_auths: 00000004 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 003c sid_rev_num: 01 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 003d num_auths : 04 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 003e id_auth[0] : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 003f id_auth[1] : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0040 id_auth[2] : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0041 id_auth[3] : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0042 id_auth[4] : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0043 id_auth[5] : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 0044 sub_auths : 00000015 4649bf2b 4ce4ca53 107e7a18 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0054 status: NT_STATUS_OK [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called lsarpc successfully [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 512 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0070 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000058 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..112] [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=576 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 11 of length 104 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=640 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \winreg. [2003/10/18 14:44:41, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe winreg opening. [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested winreg (pipes_open=1) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name lsarpc pnum=76f4 [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested winreg [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe winreg (pipes_open=1) [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe winreg with handle 76f5 (pipes_open=2) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name winreg pnum=76f5 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=76f4 [2003/10/18 14:44:41, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \winreg [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=640 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=62720 (0xF500) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 12 of length 140 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30453 (0x76F5) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) api_pipe_bind_req: decode request. 843 [2003/10/18 14:44:41, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_elements: 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000c context_id : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e num_syntaxes: 01 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 data : 338cd001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 data : 2244 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 data : 31f1 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data : aa aa 90 00 38 00 10 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 version: 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 data : 8a885d04 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 data : 1ceb [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a data : 11c9 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 version: 00000002 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) api_pipe_bind_req: make response. 984 [2003/10/18 14:44:41, 3] rpc_server/srv_pipe.c:check_bind_req(726) check_bind_req for \PIPE\winreg [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 000053f0 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 len: 000d [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000a str: \PIPE\winreg. [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0018 num_results: 01 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c result : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e reason : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 8a885d04 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1ceb [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11c9 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000002 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:41, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=76f5 nwritten=72 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 13 of length 63 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30453 (0x76F5) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:41, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=76f5 min=1024 max=1024 nread=68 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 14 of length 124 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=832 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30453 (0x76F5) smb_bcc=53 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=36 params=0 setup=2 [2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0024 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000000c [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0002 [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\winreg [2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_open_hklm [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr : 012cf544 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 unknown_0: 8e68 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 unknown_1: 0001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 access_mask: 02000000 [2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_open_hklm [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000002 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: b9 35 91 3f 4d 0b 00 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called winreg successfully [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=832 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 15 of length 272 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=268 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=896 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 184 (0xB8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30453 (0x76F5) smb_bcc=201 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=184 params=0 setup=2 [2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 00b8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 000000a0 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 000f [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\winreg [2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_entry [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000002 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: b9 35 91 3f 4d 0b 00 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 uni_str_len: 006e [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 uni_max_len: 006e [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 buffer : 75157eb0 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c uni_max_len: 00000037 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 offset : 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_str_len: 00000037 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0098 unknown_0 : 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 009c access_desired : 00020019 [2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:41, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(326) reg_open_entry: Enter [2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:41, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(337) reg_open_entry: Exit [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_open_entry [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000003 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: b9 35 91 3f 4d 0b 00 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called winreg successfully [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 110 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=896 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 16 of length 236 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=960 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 148 (0x94) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30453 (0x76F5) smb_bcc=165 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=148 params=0 setup=2 [2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0094 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000007c [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0011 [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\winreg [2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_info [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000003 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: b9 35 91 3f 4d 0b 00 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 uni_str_len: 002a [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 uni_max_len: 002a [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 buffer : 75157e84 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c uni_max_len: 00000015 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 offset : 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_str_len: 00000015 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 ptr_reserved: 012cf598 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0058 ptr_buf: 012cf5c8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c ptr_bufsize: 012cf5c8 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0060 bufsize: 00000004 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0064 buf_unk: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0068 unk1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 006c ptr_buflen: 012cf590 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0070 buflen: 00000004 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 ptr_buflen2: 012cf588 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0078 buflen2: 00000000 [2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:41, 5] rpc_server/srv_reg_nt.c:_reg_info(358) _reg_info: Enter [2003/10/18 14:44:41, 5] rpc_server/srv_reg_nt.c:_reg_info(367) reg_info: looking up value: [RefusePasswordChange] [2003/10/18 14:44:41, 5] rpc_server/srv_reg_nt.c:_reg_info(436) _reg_info: Exit [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_info [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr_type: 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 type: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 ptr_uni_val: 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_max_len: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 offset : 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 buf_len : 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0018 buffer : [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 ptr_max_len: 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c buf_max_len: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 ptr_len: 00000001 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 buf_len: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0028 status: NT_STATUS_NO_SUCH_FILE [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called winreg successfully [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 42 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000002c [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..68] [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=960 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 17 of length 132 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30453 (0x76F5) smb_bcc=61 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000014 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0005 [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\winreg [2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_close [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000003 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: b9 35 91 3f 4d 0b 00 00 [2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:41, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_close [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called winreg successfully [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 18 of length 132 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30453 (0x76F5) smb_bcc=61 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000005 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000014 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0005 [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\winreg [2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_close [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000002 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: b9 35 91 3f 4d 0b 00 00 [2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:41, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_close [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called winreg successfully [2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000005 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) Transaction 19 of length 45 [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1152 smt_wct=3 smb_vwv[ 0]=30453 (0x76F5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 2893) [2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:41, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:76f5 [2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name winreg pnum=76f5 (pipes_open=1) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1152 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 20 of length 108 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1216 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \NETLOGON. [2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe NETLOGON opening. [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested NETLOGON (pipes_open=1) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested NETLOGON [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe NETLOGON (pipes_open=1) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe NETLOGON with handle 76f6 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name NETLOGON pnum=76f6 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \NETLOGON [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1216 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=62976 (0xF600) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 21 of length 140 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1280 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30454 (0x76F6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f6 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name NETLOGON pnum=76f6 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) api_pipe_bind_req: decode request. 843 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_elements: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000c context_id : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e num_syntaxes: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 data : 12345678 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 data : 1234 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 data : abcd [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data : ef 00 01 23 45 67 cf fb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 version: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 version: 00000002 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) api_pipe_bind_req: make response. 984 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) check_bind_req for \PIPE\NETLOGON [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 000053f0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 len: 000c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000a str: \PIPE\lsass. [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0018 num_results: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c result : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e reason : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=76f6 nwritten=72 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1280 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 22 of length 63 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30454 (0x76F6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f6 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name NETLOGON pnum=76f6 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=76f6 min=1024 max=1024 nread=68 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 23 of length 188 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1408 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30454 (0x76F6) smb_bcc=117 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=100 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f6 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name NETLOGON pnum=76f6 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "NETLOGON" (pnum 76f6)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0064 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000004c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0004 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\NETLOGON [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_req_chal [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 0009c298 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.S.T.U.D.E.N.T... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_max_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c uni_str_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0030 buffer : C.I.T.A.D.E.L.X.P... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0044 data: 96 4d 0d 20 eb 25 69 ee [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_r_req_chal [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0000 data: 51 38 64 ea 5f fd 26 f3 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0008 status: NT_STATUS_OK [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called NETLOGON successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 40 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0024 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..36] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1408 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 24 of length 45 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1472 smt_wct=3 smb_vwv[ 0]=30454 (0x76F6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f6 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name NETLOGON pnum=76f6 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:76f6 [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name NETLOGON pnum=76f6 (pipes_open=1) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1472 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 25 of length 108 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1536 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \NETLOGON. [2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe NETLOGON opening. [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested NETLOGON (pipes_open=1) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested NETLOGON [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe NETLOGON (pipes_open=1) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe NETLOGON with handle 76f7 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name NETLOGON pnum=76f7 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \NETLOGON [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1536 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=63232 (0xF700) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 26 of length 140 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1600 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30455 (0x76F7) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name NETLOGON pnum=76f7 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) api_pipe_bind_req: decode request. 843 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_elements: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000c context_id : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e num_syntaxes: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 data : 12345678 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 data : 1234 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 data : abcd [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data : ef 00 01 23 45 67 cf fb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 version: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 version: 00000002 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) api_pipe_bind_req: make response. 984 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) check_bind_req for \PIPE\NETLOGON [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 000053f0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 len: 000c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000a str: \PIPE\lsass. [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0018 num_results: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c result : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e reason : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=76f7 nwritten=72 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1600 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 27 of length 63 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1664 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30455 (0x76F7) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name NETLOGON pnum=76f7 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=76f7 min=1024 max=1024 nread=68 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1664 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 28 of length 224 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=220 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1728 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 136 (0x88) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 136 (0x88) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30455 (0x76F7) smb_bcc=153 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=136 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name NETLOGON pnum=76f7 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "NETLOGON" (pnum 76f7)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0088 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000070 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0005 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\NETLOGON [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: NETLOGON op 0x5 - api_rpcTNP: rpc command: NET_AUTH [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_auth [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 0009c298 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.S.T.U.D.E.N.T... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_max_len: 0000000b [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c uni_str_len: 0000000b [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0030 buffer : C.I.T.A.D.E.L.X.P.$... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0046 sec_chan: 0002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 uni_max_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 uni_str_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0054 buffer : C.I.T.A.D.E.L.X.P... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0068 data: d4 a7 81 72 f4 74 ec e5 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_r_auth [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0000 data: 28 ec ff bf 4a b8 1b 08 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0008 status: NT_STATUS_ACCESS_DENIED [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called NETLOGON successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 62 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0024 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..36] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1728 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 29 of length 45 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1792 smt_wct=3 smb_vwv[ 0]=30455 (0x76F7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name NETLOGON pnum=76f7 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:76f7 [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name NETLOGON pnum=76f7 (pipes_open=1) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1792 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 30 of length 132 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1856 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=61 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000014 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0000 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\lsarpc [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_close [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: b9 35 91 3f 4d 0b 00 00 [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? [010] 4D 0B 00 00 M... [2003/10/18 14:44:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_close [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called lsarpc successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1856 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 31 of length 45 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1920 smt_wct=3 smb_vwv[ 0]=30452 (0x76F4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:42, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:76f4 [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name lsarpc pnum=76f4 (pipes_open=0) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1920 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 32 of length 43 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=1984 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBulogoffX (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:42, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp [2003/10/18 14:44:42, 5] auth/auth_util.c:free_server_info(1210) attempting to free (and zero) a server_info structure [2003/10/18 14:44:42, 3] smbd/reply.c:reply_ulogoffX(1055) ulogoffX vuid=100 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=1984 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 33 of length 39 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2048 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtdis (pid 2893) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:42, 3] smbd/service.c:close_cnum(887) citadelxp (192.168.0.100) closed connection to service IPC$ [2003/10/18 14:44:42, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2003/10/18 14:44:42, 4] smbd/vfs.c:vfs_ChDir(611) vfs_ChDir to / [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2048 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:timeout_processing(1099) timeout_processing: End of file from client (client has disconnected). [2003/10/18 14:44:42, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2003/10/18 14:44:42, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:42, 2] smbd/server.c:exit_server(558) Closing connections [2003/10/18 14:44:42, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2003/10/18 14:44:42, 5] smbd/oplock.c:receive_local_message(107) receive_local_message: doing select with timeout of 1 ms [2003/10/18 14:44:42, 3] smbd/server.c:exit_server(601) Server exit (normal exit) [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_KEEPALIVE = 1 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_REUSEADDR = 1 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_BROADCAST = 0 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option TCP_NODELAY = 1 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option IPTOS_LOWDELAY = 0 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option IPTOS_THROUGHPUT = 0 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDBUF = 16384 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVBUF = 87380 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDLOWAT = 1 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVLOWAT = 1 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDTIMEO = 0 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVTIMEO = 0 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_KEEPALIVE = 1 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_REUSEADDR = 1 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_BROADCAST = 0 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option TCP_NODELAY = 1 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option IPTOS_LOWDELAY = 0 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option IPTOS_THROUGHPUT = 0 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDBUF = 16384 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVBUF = 87380 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDLOWAT = 1 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVLOWAT = 1 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_SNDTIMEO = 0 [2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) socket option SO_RCVTIMEO = 0 [2003/10/18 14:44:42, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/lib/samba/gencache.tdb [2003/10/18 14:44:42, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_context_list(535) Trying to load: ldapsam:ldap://localhost:389 [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(55) Attempting to register passdb backend ldapsam [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(68) Successfully added passdb backend 'ldapsam' [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(55) Attempting to register passdb backend ldapsam_compat [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(68) Successfully added passdb backend 'ldapsam_compat' [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(55) Attempting to register passdb backend smbpasswd [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(68) Successfully added passdb backend 'smbpasswd' [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(55) Attempting to register passdb backend tdbsam [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(68) Successfully added passdb backend 'tdbsam' [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(55) Attempting to register passdb backend guest [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(68) Successfully added passdb backend 'guest' [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(431) Attempting to find an passdb backend to match ldapsam:ldap://localhost:389 (ldapsam) [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(452) Found pdb backend ldapsam [2003/10/18 14:44:42, 2] lib/smbldap.c:smbldap_search_domain_info(1295) Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UTBILDNING))] [2003/10/18 14:44:42, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UTBILDNING))] [2003/10/18 14:44:42, 2] lib/smbldap.c:smbldap_open_connection(623) smbldap_open_connection: connection opened [2003/10/18 14:44:42, 3] lib/smbldap.c:smbldap_connect_system(785) ldap_connect_system: succesful connection to the LDAP server [2003/10/18 14:44:42, 4] lib/smbldap.c:smbldap_open(836) The LDAP server is succesful connected [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(455) pdb backend ldapsam:ldap://localhost:389 has a valid init [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_context_list(535) Trying to load: guest [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(431) Attempting to find an passdb backend to match guest (guest) [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(452) Found pdb backend guest [2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(455) pdb backend guest has a valid init [2003/10/18 14:44:42, 3] smbd/oplock.c:init_oplocks(1226) open_oplock_ipc: opening loopback UDP socket. [2003/10/18 14:44:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel oplocks enabled [2003/10/18 14:44:42, 3] smbd/oplock.c:init_oplocks(1257) open_oplock ipc: pid = 2894, global_oplock_port = 32769 [2003/10/18 14:44:42, 4] lib/time.c:get_serverzone(122) Serverzone is -7200 [2003/10/18 14:44:42, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2003/10/18 14:44:42, 2] lib/access.c:check_access(324) Allowed connection from (192.168.0.100) [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 0 of length 72 [2003/10/18 14:44:42, 2] smbd/reply.c:reply_special(93) netbios connect: name1=STUDENT name2=CITADELXP [2003/10/18 14:44:42, 2] smbd/reply.c:reply_special(100) netbios connect: local=student remote=citadelxp, name type = 0 [2003/10/18 14:44:42, 5] smbd/connection.c:claim_connection(170) claiming 0 [2003/10/18 14:44:42, 5] smbd/reply.c:reply_special(142) init msg_type=0x81 msg_flags=0x0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 1 of length 137 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN1.0] [2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [Windows for Workgroups 3.1a] [2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LM1.2X002] [2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN2.1] [2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [NT LM 0.12] [2003/10/18 14:44:42, 3] smbd/negprot.c:reply_nt1(329) using SPNEGO [2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(532) Selected protocol NT LM 0.12 [2003/10/18 14:44:42, 5] smbd/negprot.c:reply_negprot(538) negprot index=5 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=19968 (0x4E00) smb_vwv[ 8]= 11 (0xB) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=50265 (0xC459) smb_vwv[13]=30105 (0x7599) smb_vwv[14]=50069 (0xC395) smb_vwv[15]=34817 (0x8801) smb_vwv[16]=15103 (0x3AFF) smb_bcc=58 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 2 of length 232 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=228 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 228 (0xE4) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 66 (0x42) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=169 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) wct=12 flg2=0xc807 [2003/10/18 14:44:42, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) Doing spnego session setup [2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] [2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(385) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(388) Got secblob of size 32 [2003/10/18 14:44:42, 5] auth/auth.c:make_auth_context_subsystem(492) Using specified auth order [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend rhosts [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'rhosts' [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend hostsequiv [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'hostsequiv' [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam' [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam_ignoredomain [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam_ignoredomain' [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend unix [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'unix' [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend winbind [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'winbind' [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend smbserver [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'smbserver' [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend trustdomain [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'trustdomain' [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend ntdomain [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'ntdomain' [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend guest [2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'guest' [2003/10/18 14:44:42, 5] auth/auth.c:load_auth_module(370) load_auth_module: Attempting to find an auth method to match guest [2003/10/18 14:44:42, 5] auth/auth.c:load_auth_module(395) load_auth_module: auth method guest has a valid init [2003/10/18 14:44:42, 5] auth/auth.c:load_auth_module(370) load_auth_module: Attempting to find an auth method to match sam [2003/10/18 14:44:42, 5] auth/auth.c:load_auth_module(395) load_auth_module: auth method sam has a valid init [2003/10/18 14:44:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33) Got NTLMSSP neg_flags=0xe0088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2003/10/18 14:44:42, 5] auth/auth.c:get_ntlm_challenge(93) auth_get_challenge: module guest did not want to specify a challenge [2003/10/18 14:44:42, 5] auth/auth.c:get_ntlm_challenge(93) auth_get_challenge: module sam did not want to specify a challenge [2003/10/18 14:44:42, 5] auth/auth.c:get_ntlm_challenge(132) auth_context challenge created by random [2003/10/18 14:44:42, 5] auth/auth.c:get_ntlm_challenge(133) challenge is: [2003/10/18 14:44:42, 5] lib/util.c:dump_data(1825) [000] 6D 65 A4 F0 95 8B 6A CD me¤ð..jÍ [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 3 of length 354 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=350 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 350 (0x15E) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 188 (0xBC) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=291 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) wct=12 flg2=0xc807 [2003/10/18 14:44:42, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) Doing spnego session setup [2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] [2003/10/18 14:44:42, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286) Got user=[administrator] domain=[utbildning] workstation=[CITADELXP] len1=24 len2=24 [2003/10/18 14:44:42, 4] lib/username.c:map_username(132) Scanning username map /etc/samba/users.map [2003/10/18 14:44:42, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user [utbildning]\[administrator] from workstation [CITADELXP] [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299) secrets_fetch failed! [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172) no entry for trusted domain utbildning found. [2003/10/18 14:44:42, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for administrator (administrator) [2003/10/18 14:44:42, 5] auth/auth_util.c:make_user_info(142) making strings for administrator's user_info struct [2003/10/18 14:44:42, 5] auth/auth_util.c:make_user_info(184) making blobs for administrator's user_info struct [2003/10/18 14:44:42, 3] auth/auth.c:check_ntlm_password(216) check_ntlm_password: Checking password for unmapped user [utbildning]\[administrator]@[CITADELXP] with the new password interface [2003/10/18 14:44:42, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: mapped user is: [utbildning]\[administrator]@[CITADELXP] [2003/10/18 14:44:42, 5] lib/util.c:dump_data(1825) [000] 6D 65 A4 F0 95 8B 6A CD me¤ð..jÍ [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(uid=administrator)(objectclass=sambaSamAccount))] [2003/10/18 14:44:42, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: Administrator [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 4] auth/auth_sam.c:sam_password_ok(208) sam_password_ok: Checking NT MD4 password [2003/10/18 14:44:42, 4] auth/auth_sam.c:sam_account_ok(309) sam_account_ok: Checking SMB password for user Administrator [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 250 Primary group is 512 and contains 3 supplementary groups Group[ 0]: 512 Group[ 1]: 512 Group[ 2]: 544 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=512))] [2003/10/18 14:44:42, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1630) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Query was: ou=Groups,dc=utb,dc=com,dc=utb,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=512)) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=544))] [2003/10/18 14:44:42, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1630) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Query was: ou=Groups,dc=utb,dc=com,dc=utb,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=544)) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:make_server_info_sam(838) make_server_info_sam: made server info for user Administrator -> Administrator [2003/10/18 14:44:42, 3] auth/auth.c:check_ntlm_password(265) check_ntlm_password: sam authentication for user [administrator] succeeded [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth.c:check_ntlm_password(289) check_ntlm_password: PAM Account for user [Administrator] succeeded [2003/10/18 14:44:42, 2] auth/auth.c:check_ntlm_password(302) check_ntlm_password: authentication for user [administrator] -> [administrator] -> [Administrator] succeeded [2003/10/18 14:44:42, 5] auth/auth_util.c:free_user_info(1185) attempting to free (and zero) a user_info structure [2003/10/18 14:44:42, 3] smbd/password.c:register_vuid(207) User name: Administrator Real name: Administrator [2003/10/18 14:44:42, 3] smbd/password.c:register_vuid(225) UNIX uid 250 is UNIX user Administrator, and will be vuid 100 [2003/10/18 14:44:42, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp [2003/10/18 14:44:42, 3] smbd/password.c:register_vuid(241) Adding/updating homes service for user 'Administrator' using home directory: '/tmp' [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 4 of length 84 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=80 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=37 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:42, 4] smbd/reply.c:reply_tcon_and_X(266) Client requested device type [?????] for share [IPC$] [2003/10/18 14:44:42, 5] smbd/service.c:make_connection(869) making a connection to 'normal' service ipc$ [2003/10/18 14:44:42, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2003/10/18 14:44:42, 2] lib/access.c:check_access(324) Allowed connection from (192.168.0.100) [2003/10/18 14:44:42, 5] lib/username.c:Get_Pwnam(288) Finding user Administrator [2003/10/18 14:44:42, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is administrator [2003/10/18 14:44:42, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals did find user [Administrator]! [2003/10/18 14:44:42, 0] smbd/service.c:set_admin_user(321) Administrator logged in as admin user (root privileges) [2003/10/18 14:44:42, 3] smbd/service.c:make_connection_snum(543) Connect path is '/tmp' for service [IPC$] [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:get_current_groups(171) get_current_groups: user is in 2 groups: 512, 544 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:get_current_groups(171) get_current_groups: user is in 2 groups: 512, 544 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(uid=root)(objectclass=sambaSamAccount))] [2003/10/18 14:44:42, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1036) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 4] passdb/passdb.c:local_uid_to_sid(1112) local_uid_to_sid: User root [uid == 0] has no samba account [2003/10/18 14:44:42, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 [2003/10/18 14:44:42, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 [2003/10/18 14:44:42, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 544 -> S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) get_share_security: using default secdesc for IPC$ [2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(251) [2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-1000 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (2) granted. [2003/10/18 14:44:42, 3] smbd/vfs.c:vfs_init_default(201) Initialising default vfs hooks [2003/10/18 14:44:42, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/service.c:make_connection_snum(705) citadelxp (192.168.0.100) connect to service IPC$ initially as user Administrator (uid=0, gid=512) (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:42, 3] smbd/reply.c:reply_tcon_and_X(314) tconX service=IPC$ [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 5 of length 104 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] smbd/vfs.c:vfs_ChDir(611) vfs_ChDir to /tmp [2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \lsarpc. [2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe lsarpc opening. [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested lsarpc (pipes_open=0) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested lsarpc [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe lsarpc (pipes_open=0) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe lsarpc with handle 76f4 (pipes_open=1) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \lsarpc [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=256 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=62464 (0xF400) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 6 of length 140 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30452 (0x76F4) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) api_pipe_bind_req: decode request. 843 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_elements: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000c context_id : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e num_syntaxes: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 data : 12345778 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 data : 1234 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 data : abcd [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data : ef 00 01 23 45 67 89 ab [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 version: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 version: 00000002 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) api_pipe_bind_req: make response. 984 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) check_bind_req for \PIPE\lsarpc [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 000053f0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 len: 000c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000a str: \PIPE\lsass. [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0018 num_results: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c result : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e reason : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=76f4 nwritten=72 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=320 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 7 of length 63 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30452 (0x76F4) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=76f4 min=1024 max=1024 nread=68 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 8 of length 176 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=105 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=88 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000040 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 002c [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\lsarpc [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol2 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr : 0009c298 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.S.T.U.D.E.N.T... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 len : 00000018 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 ptr_root_dir: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c ptr_obj_name: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 attributes : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 ptr_sec_desc: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 ptr_sec_qos : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 003c des_access: 02000000 [2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(251) [2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_open_pol2 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called lsarpc successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 820 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 9 of length 134 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=512 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=63 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=46 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002e [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000016 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 002e [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\lsarpc [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: lsarpc op 0x2e - unknown [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 23 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0020 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_hdr_fault fault [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0018 status : NT code 0x1c010002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c reserved: 00000000 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..32] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=512 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 10 of length 134 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=576 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=63 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=46 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002e [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000016 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0007 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\lsarpc [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 info_class: 0003 [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_query [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 22000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 info_class: 0003 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 uni_dom_max_len: 0016 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a uni_dom_str_len: 0018 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c buffer_dom_name: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 buffer_dom_sid : 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 uni_max_len: 0000000c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c uni_str_len: 0000000b [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0020 buffer : U.T.B.I.L.D.N.I.N.G... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 num_auths: 00000004 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 003c sid_rev_num: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 003d num_auths : 04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 003e id_auth[0] : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 003f id_auth[1] : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0040 id_auth[2] : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0041 id_auth[3] : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0042 id_auth[4] : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0043 id_auth[5] : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 0044 sub_auths : 00000015 4649bf2b 4ce4ca53 107e7a18 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0054 status: NT_STATUS_OK [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called lsarpc successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 512 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0070 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000058 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..112] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=576 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 11 of length 104 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=640 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \winreg. [2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe winreg opening. [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested winreg (pipes_open=1) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested winreg [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe winreg (pipes_open=1) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe winreg with handle 76f5 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name winreg pnum=76f5 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \winreg [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=640 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=62720 (0xF500) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 12 of length 140 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30453 (0x76F5) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) api_pipe_bind_req: decode request. 843 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_elements: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000c context_id : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e num_syntaxes: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 data : 338cd001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 data : 2244 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 data : 31f1 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data : aa aa 90 00 38 00 10 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 version: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 version: 00000002 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) api_pipe_bind_req: make response. 984 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) check_bind_req for \PIPE\winreg [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 000053f0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 len: 000d [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000a str: \PIPE\winreg. [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0018 num_results: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c result : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e reason : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=76f5 nwritten=72 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 13 of length 63 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30453 (0x76F5) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=76f5 min=1024 max=1024 nread=68 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 14 of length 124 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=832 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30453 (0x76F5) smb_bcc=53 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=36 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0024 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000000c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0002 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\winreg [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_open_hklm [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr : 012cf544 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 unknown_0: 6b50 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 unknown_1: 0001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 access_mask: 02000000 [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_open_hklm [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called winreg successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=832 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 15 of length 272 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=268 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=896 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 184 (0xB8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30453 (0x76F5) smb_bcc=201 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=184 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 00b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 000000a0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 000f [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\winreg [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_entry [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 uni_str_len: 006e [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 uni_max_len: 006e [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 buffer : 75157eb0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c uni_max_len: 00000037 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_str_len: 00000037 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0098 unknown_0 : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 009c access_desired : 00020019 [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(326) reg_open_entry: Enter [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(337) reg_open_entry: Exit [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_open_entry [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000003 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called winreg successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 110 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=896 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 16 of length 236 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=960 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 148 (0x94) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30453 (0x76F5) smb_bcc=165 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=148 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0094 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000007c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0011 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\winreg [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_info [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000003 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 uni_str_len: 002a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 uni_max_len: 002a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 buffer : 75157e84 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c uni_max_len: 00000015 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_str_len: 00000015 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 ptr_reserved: 012cf598 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0058 ptr_buf: 012cf5c8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c ptr_bufsize: 012cf5c8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0060 bufsize: 00000004 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0064 buf_unk: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0068 unk1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 006c ptr_buflen: 012cf590 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0070 buflen: 00000004 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0074 ptr_buflen2: 012cf588 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0078 buflen2: 00000000 [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 5] rpc_server/srv_reg_nt.c:_reg_info(358) _reg_info: Enter [2003/10/18 14:44:42, 5] rpc_server/srv_reg_nt.c:_reg_info(367) reg_info: looking up value: [RefusePasswordChange] [2003/10/18 14:44:42, 5] rpc_server/srv_reg_nt.c:_reg_info(436) _reg_info: Exit [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_info [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr_type: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 type: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 ptr_uni_val: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_max_len: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 buf_len : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0018 buffer : [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 ptr_max_len: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c buf_max_len: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 ptr_len: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 buf_len: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0028 status: NT_STATUS_NO_SUCH_FILE [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called winreg successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 42 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000002c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..68] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=960 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 17 of length 132 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30453 (0x76F5) smb_bcc=61 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000014 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0005 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\winreg [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_close [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000003 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_close [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called winreg successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 18 of length 132 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30453 (0x76F5) smb_bcc=61 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000005 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000014 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0005 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\winreg [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_q_close [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 reg_io_r_close [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called winreg successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000005 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 19 of length 45 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1152 smt_wct=3 smb_vwv[ 0]=30453 (0x76F5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f5 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name winreg pnum=76f5 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:76f5 [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name winreg pnum=76f5 (pipes_open=1) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1152 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 20 of length 100 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1216 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \samr. [2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe samr opening. [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested samr (pipes_open=1) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested samr [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe samr (pipes_open=1) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe samr with handle 76f6 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name samr pnum=76f6 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \samr [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1216 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=62976 (0xF600) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 21 of length 140 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1280 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30454 (0x76F6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f6 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f6 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) api_pipe_bind_req: decode request. 843 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_elements: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000c context_id : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e num_syntaxes: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 data : 12345778 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 data : 1234 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 data : abcd [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data : ef 00 01 23 45 67 89 ac [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 version: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 version: 00000002 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) api_pipe_bind_req: make response. 984 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) check_bind_req for \PIPE\samr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 000053f0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 len: 000c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000a str: \PIPE\lsass. [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0018 num_results: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c result : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e reason : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=76f6 nwritten=72 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1280 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 22 of length 63 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30454 (0x76F6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f6 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f6 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=76f6 min=1024 max=1024 nread=68 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 23 of length 168 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1408 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30454 (0x76F6) smb_bcc=97 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=80 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f6 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f6 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f6)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0050 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000038 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0040 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x40 - unknown [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 23 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0020 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_hdr_fault fault [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0018 status : NT code 0x1c010002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c reserved: 00000000 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..32] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1408 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 24 of length 45 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1472 smt_wct=3 smb_vwv[ 0]=30454 (0x76F6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f6 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f6 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:76f6 [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name samr pnum=76f6 (pipes_open=1) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1472 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 25 of length 100 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1536 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \samr. [2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe samr opening. [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested samr (pipes_open=1) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested samr [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe samr (pipes_open=1) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe samr with handle 76f7 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name samr pnum=76f7 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=76f4 [2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \samr [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1536 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=63232 (0xF700) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 26 of length 140 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1600 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30455 (0x76F7) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f7 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) api_pipe_bind_req: decode request. 843 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_elements: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000c context_id : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e num_syntaxes: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 data : 12345778 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 data : 1234 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 data : abcd [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data : ef 00 01 23 45 67 89 ac [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 version: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 version: 00000002 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) api_pipe_bind_req: make response. 984 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) check_bind_req for \PIPE\samr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 000053f0 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 len: 000c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000a str: \PIPE\lsass. [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0018 num_results: 01 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c result : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e reason : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 8a885d04 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1ceb [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11c9 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=76f7 nwritten=72 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1600 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 27 of length 63 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1664 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30455 (0x76F7) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f7 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=76f7 min=1024 max=1024 nread=68 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1664 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 28 of length 156 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1728 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30455 (0x76F7) smb_bcc=85 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=68 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f7 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000002c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 003e [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_connect4 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr_srv_name: 00149910 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.S.T.U.D.E.N.T... [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 unk_0: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 access_mask: 00000030 [2003/10/18 14:44:42, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2472) _samr_connect4: 2472 [2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(251) [2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (30) granted. [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2503) _samr_connect: 2503 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_connect4 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000004 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 752 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1728 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 29 of length 140 [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1792 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30455 (0x76F7) smb_bcc=69 [2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=52 params=0 setup=2 [2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f7 (pipes_open=2) [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0034 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000001c [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0006 [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_enum_domains [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000004 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 start_idx: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 max_size : 00002000 [2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:42, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_enum_domains: access check ((granted: 0x00000030; required: 0x00000010) [2003/10/18 14:44:42, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2555) make_enum_domains [2003/10/18 14:44:42, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3108) init_samr_r_enum_domains [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_enum_domains [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 next_idx : 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 ptr_entries1: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_entries2: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c ptr_entries2: 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 num_entries3: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 rid: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 uni_str_len: 0014 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001a uni_max_len: 0014 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c buffer : 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 rid: 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 uni_str_len: 000e [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 uni_max_len: 000e [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 buffer : 00000001 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c uni_max_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 uni_str_len: 0000000a [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0038 buffer : U.T.B.I.L.D.N.I.N.G. [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c uni_max_len: 00000007 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 offset : 00000000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 uni_str_len: 00000007 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0058 buffer : B.u.i.l.t.i.n. [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0068 num_entries4: 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 006c status: NT_STATUS_OK [2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 1080 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0088 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000070 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..136] [2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1792 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 136 (0x88) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 136 (0x88) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=137 [2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) Transaction 30 of length 172 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1856 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 84 (0x54) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 84 (0x54) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30455 (0x76F7) smb_bcc=101 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=84 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f7 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0054 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000003c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0005 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_lookup_domain [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000004 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 uni_str_len: 0014 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 uni_max_len: 0014 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 buffer : 000dd2f0 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c uni_max_len: 0000000a [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 offset : 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_str_len: 0000000a [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0028 buffer : U.T.B.I.L.D.N.I.N.G. [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_lookup_domain: access check ((granted: 0x00000030; required: 0x00000010) [2003/10/18 14:44:43, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2537) Returning domain sid for domain UTBILDNING -> S-1-5-21-1179238187-1290062419-276724248 [2003/10/18 14:44:43, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(138) init_samr_r_lookup_domain [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_lookup_domain [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr: 00000001 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 num_auths: 00000004 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0008 sid_rev_num: 01 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0009 num_auths : 04 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000a id_auth[0] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000b id_auth[1] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000c id_auth[2] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000d id_auth[3] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e id_auth[4] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000f id_auth[5] : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 0010 sub_auths : 00000015 4649bf2b 4ce4ca53 107e7a18 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0020 status: NT_STATUS_OK [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 20 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 003c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000024 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..60] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1856 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 31 of length 164 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1920 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30455 (0x76F7) smb_bcc=93 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=76 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f7 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 004c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000034 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0007 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000004 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 flags: 00000211 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_auths: 00000004 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001c sid_rev_num: 01 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001d num_auths : 04 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e id_auth[0] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001f id_auth[1] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0020 id_auth[2] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0021 id_auth[3] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0022 id_auth[4] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0023 id_auth[5] : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 0024 sub_auths : 00000015 4649bf2b 4ce4ca53 107e7a18 [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) [2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(251) [2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] lib/util_seaccess.c:se_access_check(315) se_access_check: access (211) denied. [2003/10/18 14:44:43, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(87) _samr_open_domain: ACCESS should be DENIED (requested: 0x00000211) but overritten by euid == sec_initial_uid() [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[3] [000] 00 00 00 00 05 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(403) samr_open_domain: 403 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000005 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: bb 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1920 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 32 of length 180 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=176 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1984 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30455 (0x76F7) smb_bcc=109 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=92 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f7 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 005c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000005 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000044 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0032 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATE_USER [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_create_user [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000005 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: bb 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 uni_str_len: 0014 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 uni_max_len: 0016 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 buffer : 0009c298 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c uni_max_len: 0000000b [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 offset : 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 uni_str_len: 0000000a [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0028 buffer : C.I.T.A.D.E.L.X.P.$. [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 003c acb_info : 00000080 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 access_mask: e00500b0 [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_create_user: access check ((granted: 0x00000211; required: 0x00000010) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:43, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:43, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(uid=citadelxp$)(objectclass=sambaSamAccount))] [2003/10/18 14:44:43, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: citadelxp$ [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_create_user [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 access_granted: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 user_rid : 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 001c status: NT_STATUS_USER_EXISTS [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 22 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0038 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000005 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000020 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..56] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=1984 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 33 of length 132 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2048 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30455 (0x76F7) smb_bcc=61 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f7 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000006 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000014 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0001 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000005 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: bb 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) samr_reply_close_hnd: 356 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000006 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2048 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 34 of length 132 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2112 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30455 (0x76F7) smb_bcc=61 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f7 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000007 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000014 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0001 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000004 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) samr_reply_close_hnd: 356 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000007 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2112 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 35 of length 45 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2176 smt_wct=3 smb_vwv[ 0]=30455 (0x76F7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f7 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f7 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:76f7 [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name samr pnum=76f7 (pipes_open=1) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2176 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 36 of length 100 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2240 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \samr. [2003/10/18 14:44:43, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe samr opening. [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested samr (pipes_open=1) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name lsarpc pnum=76f4 [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe samr (pipes_open=1) [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe samr with handle 76f8 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name samr pnum=76f8 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=76f4 [2003/10/18 14:44:43, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \samr [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2240 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=63488 (0xF800) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 37 of length 140 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2304 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30456 (0x76F8) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f8 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f8 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) api_pipe_bind_req: decode request. 843 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_elements: 00000001 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000c context_id : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e num_syntaxes: 01 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 data : 12345778 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 data : 1234 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 data : abcd [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data : ef 00 01 23 45 67 89 ac [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 version: 00000001 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 data : 8a885d04 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 data : 1ceb [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a data : 11c9 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 version: 00000002 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) api_pipe_bind_req: make response. 984 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe.c:check_bind_req(726) check_bind_req for \PIPE\samr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 000053f0 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 len: 000c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000a str: \PIPE\lsass. [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0018 num_results: 01 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c result : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e reason : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 8a885d04 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1ceb [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11c9 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000002 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:43, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=76f8 nwritten=72 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2304 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 38 of length 63 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2368 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30456 (0x76F8) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f8 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f8 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=76f8 min=1024 max=1024 nread=68 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2368 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 39 of length 168 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2432 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30456 (0x76F8) smb_bcc=97 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=80 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f8 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f8 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f8)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0050 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000038 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0040 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x40 - unknown [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 23 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0020 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_hdr_fault fault [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0018 status : NT code 0x1c010002 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c reserved: 00000000 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..32] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2432 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 40 of length 45 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2496 smt_wct=3 smb_vwv[ 0]=30456 (0x76F8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f8 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f8 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:76f8 [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name samr pnum=76f8 (pipes_open=1) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2496 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 41 of length 100 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2560 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \samr. [2003/10/18 14:44:43, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe samr opening. [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested samr (pipes_open=1) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) open_rpc_pipe_p: name lsarpc pnum=76f4 [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe samr (pipes_open=1) [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe samr with handle 76f9 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name samr pnum=76f9 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=76f4 [2003/10/18 14:44:43, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \samr [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2560 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=63744 (0xF900) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 42 of length 140 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2624 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30457 (0x76F9) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f9 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f9 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) api_pipe_bind_req: decode request. 843 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_elements: 00000001 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000c context_id : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 000e num_syntaxes: 01 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 data : 12345778 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 data : 1234 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 data : abcd [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data : ef 00 01 23 45 67 89 ac [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 version: 00000001 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 data : 8a885d04 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 data : 1ceb [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a data : 11c9 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 version: 00000002 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) api_pipe_bind_req: make response. 984 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe.c:check_bind_req(726) check_bind_req for \PIPE\samr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 max_tsize: 10b8 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0002 max_rsize: 10b8 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 assoc_gid: 000053f0 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 len: 000c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000a str: \PIPE\lsass. [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0018 num_results: 01 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c result : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e reason : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 8a885d04 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1ceb [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11c9 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000002 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:43, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=76f9 nwritten=72 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2624 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 43 of length 63 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2688 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30457 (0x76F9) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f9 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f9 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=76f9 min=1024 max=1024 nread=68 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2688 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 44 of length 156 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2752 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30457 (0x76F9) smb_bcc=85 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=68 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f9 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f9 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f9)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000002c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 003e [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_connect4 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr_srv_name: 00135d58 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000a [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000a [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.S.T.U.D.E.N.T... [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 unk_0: 00000002 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 access_mask: 00000021 [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2472) _samr_connect4: 2472 [2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(251) [2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (21) granted. [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 06 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2503) _samr_connect: 2503 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_connect4 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000006 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: bb 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 752 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2752 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 45 of length 164 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2816 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30457 (0x76F9) smb_bcc=93 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=76 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f9 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f9 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f9)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 004c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000034 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0007 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000006 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: bb 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 flags: 00000200 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_auths: 00000004 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001c sid_rev_num: 01 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001d num_auths : 04 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e id_auth[0] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001f id_auth[1] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0020 id_auth[2] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0021 id_auth[3] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0022 id_auth[4] : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0023 id_auth[5] : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 0024 sub_auths : 00000015 4649bf2b 4ce4ca53 107e7a18 [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_open_domain: access check ((granted: 0x00000021; required: 0x00000020) [2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(251) [2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (200) granted. [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[3] [000] 00 00 00 00 07 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(403) samr_open_domain: 403 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000007 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: bb 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2816 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 46 of length 188 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2880 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30457 (0x76F9) smb_bcc=117 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=100 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f9 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f9 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f9)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0064 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000004c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0011 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_lookup_names [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000007 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: bb 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 num_names1: 00000001 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 flags : 000003e8 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c ptr : 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 num_names2: 00000001 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 uni_str_len: 0014 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 uni_max_len: 0016 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 buffer : 0009c298 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c uni_max_len: 0000000b [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 offset : 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 uni_str_len: 0000000a [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0038 buffer : C.I.T.A.D.E.L.X.P.$. [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1449) _samr_lookup_names: 1449 [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 07 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_lookup_names: access check ((granted: 0x00000200; required: 0000000000) [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1468) _samr_lookup_names: looking name on SID S-1-5-21-1179238187-1290062419-276724248 [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1 [2003/10/18 14:44:43, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:43, 4] lib/username.c:map_username(132) Scanning username map /etc/samba/users.map [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2003/10/18 14:44:43, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:43, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(uid=CITADELXP$)(objectclass=sambaSamAccount))] [2003/10/18 14:44:43, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: citadelxp$ [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4709) init_samr_r_lookup_names [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1511) _samr_lookup_names: 1511 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_lookup_names [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 num_rids1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 ptr_rids : 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 num_types1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c ptr_types : 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0010 status: NT_STATUS_NONE_MAPPED [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 46 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000014 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..44] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=100 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2880 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 44 (0x2C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 47 of length 132 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2944 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30457 (0x76F9) smb_bcc=61 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f9 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f9 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f9)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000014 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0001 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000007 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: bb 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 07 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) samr_reply_close_hnd: 356 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=2944 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 48 of length 132 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=3008 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30457 (0x76F9) smb_bcc=61 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f9 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f9 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 76f9)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000005 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000014 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0001 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000006 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: bb 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) samr_reply_close_hnd: 356 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000005 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=3008 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 49 of length 45 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3072 smt_wct=3 smb_vwv[ 0]=30457 (0x76F9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f9 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=76f9 (pipes_open=2) [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=2) [2003/10/18 14:44:43, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:76f9 [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name samr pnum=76f9 (pipes_open=1) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3072 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 50 of length 132 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=3136 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=61 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002c [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 00000014 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0000 [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\lsarpc [2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_close [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000001 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: ba 35 91 3f 4e 0b 00 00 [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? [010] 4E 0B 00 00 N... [2003/10/18 14:44:43, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_close [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_OK [2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called lsarpc successfully [2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=832 smb_uid=100 smb_mid=3136 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 51 of length 45 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3200 smt_wct=3 smb_vwv[ 0]=30452 (0x76F4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 contains 6 SIDs SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 512 and contains 2 supplementary groups Group[ 0]: 512 Group[ 1]: 544 [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,0) gid=(0,512) [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=76f4 [2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=76f4 (pipes_open=1) [2003/10/18 14:44:43, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:76f4 [2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name lsarpc pnum=76f4 (pipes_open=0) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3200 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 52 of length 43 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=3264 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBulogoffX (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:43, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp [2003/10/18 14:44:43, 5] auth/auth_util.c:free_server_info(1210) attempting to free (and zero) a server_info structure [2003/10/18 14:44:43, 3] smbd/reply.c:reply_ulogoffX(1055) ulogoffX vuid=100 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=3264 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) Transaction 53 of length 39 [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3328 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) switch message SMBtdis (pid 2894) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:43, 3] smbd/service.c:close_cnum(887) citadelxp (192.168.0.100) closed connection to service IPC$ [2003/10/18 14:44:43, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2003/10/18 14:44:43, 4] smbd/vfs.c:vfs_ChDir(611) vfs_ChDir to / [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) [2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3328 smt_wct=0 smb_bcc=0 [2003/10/18 14:44:43, 3] smbd/process.c:timeout_processing(1099) timeout_processing: End of file from client (client has disconnected). [2003/10/18 14:44:43, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2003/10/18 14:44:43, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/18 14:44:43, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/18 14:44:43, 2] smbd/server.c:exit_server(558) Closing connections [2003/10/18 14:44:43, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2003/10/18 14:44:43, 5] smbd/oplock.c:receive_local_message(107) receive_local_message: doing select with timeout of 1 ms [2003/10/18 14:44:43, 3] smbd/server.c:exit_server(601) Server exit (normal exit)