[2003/10/23 15:33:39, 6] param/loadparm.c:lp_file_list_changed(2670) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Oct 23 14:42:42 2003 [2003/10/23 15:33:39, 5] smbd/connection.c:claim_connection(170) claiming 0 [2003/10/23 15:33:39, 5] smbd/reply.c:reply_special(142) init msg_type=0x81 msg_flags=0x0 [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,4) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,4) wrote 4 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 133 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0x85 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 1 of length 137 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 13121) [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/23 15:33:39, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/10/23 15:33:39, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN1.0] [2003/10/23 15:33:39, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [Windows for Workgroups 3.1a] [2003/10/23 15:33:39, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LM1.2X002] [2003/10/23 15:33:39, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN2.1] [2003/10/23 15:33:39, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [NT LM 0.12] [2003/10/23 15:33:39, 6] param/loadparm.c:lp_file_list_changed(2670) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Oct 23 14:42:42 2003 [2003/10/23 15:33:39, 6] param/loadparm.c:lp_file_list_changed(2670) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Oct 23 14:42:42 2003 [2003/10/23 15:33:39, 3] smbd/negprot.c:reply_nt1(329) using SPNEGO [2003/10/23 15:33:39, 3] smbd/negprot.c:reply_negprot(532) Selected protocol NT LM 0.12 [2003/10/23 15:33:39, 5] smbd/negprot.c:reply_negprot(538) negprot index=5 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=16640 (0x4100) smb_vwv[ 8]= 51 (0x33) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]= 3299 (0xCE3) smb_vwv[13]=12184 (0x2F98) smb_vwv[14]=50073 (0xC399) smb_vwv[15]=58369 (0xE401) smb_vwv[16]=15101 (0x3AFD) smb_bcc=58 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 73 61 6D 62 61 64 65 76 31 00 00 00 00 00 00 00 sambadev 1....... [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,131) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,131) wrote 131 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 208 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0xd0 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 2 of length 212 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=208 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 77 (0x4D) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=149 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 60 4B 06 06 2B 06 01 05 05 02 A0 41 30 3F A0 0E `K..+... ...A0?.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2D 0...+... ..7....- [020] 04 2B 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 B2 .+NTLMSS P....... [030] 08 E0 06 00 06 00 25 00 00 00 05 00 05 00 20 00 ......%. ...... . [040] 00 00 43 46 4D 32 52 53 41 4D 42 41 31 57 00 69 ..CFM2RS AMBA1W.i [050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [060] 00 30 00 30 00 20 00 32 00 31 00 39 00 35 00 00 .0.0. .2 .1.9.5.. [070] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [080] 00 32 00 30 00 30 00 30 00 20 00 35 00 2E 00 30 .2.0.0.0 . .5...0 [090] 00 00 00 00 00 ..... [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 13121) [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/23 15:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) wct=12 flg2=0xc807 [2003/10/23 15:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) Doing spnego session setup [2003/10/23 15:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] [2003/10/23 15:33:39, 3] smbd/sesssetup.c:reply_spnego_negotiate(385) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/10/23 15:33:39, 3] smbd/sesssetup.c:reply_spnego_negotiate(388) Got secblob of size 43 [2003/10/23 15:33:39, 5] auth/auth.c:make_auth_context_subsystem(463) Making default auth method list for DC, security=user, encrypt passwords = yes [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend rhosts [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'rhosts' [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend hostsequiv [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'hostsequiv' [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam' [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam_ignoredomain [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam_ignoredomain' [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend unix [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'unix' [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend winbind [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'winbind' [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend smbserver [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'smbserver' [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend trustdomain [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'trustdomain' [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend ntdomain [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'ntdomain' [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend guest [2003/10/23 15:33:39, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'guest' [2003/10/23 15:33:39, 5] auth/auth.c:load_auth_module(370) load_auth_module: Attempting to find an auth method to match guest [2003/10/23 15:33:39, 5] auth/auth.c:load_auth_module(395) load_auth_module: auth method guest has a valid init [2003/10/23 15:33:39, 5] auth/auth.c:load_auth_module(370) load_auth_module: Attempting to find an auth method to match sam [2003/10/23 15:33:39, 5] auth/auth.c:load_auth_module(395) load_auth_module: auth method sam has a valid init [2003/10/23 15:33:39, 5] auth/auth.c:load_auth_module(370) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2003/10/23 15:33:39, 5] auth/auth.c:load_auth_module(370) load_auth_module: Attempting to find an auth method to match trustdomain [2003/10/23 15:33:39, 5] auth/auth.c:load_auth_module(395) load_auth_module: auth method trustdomain has a valid init [2003/10/23 15:33:39, 5] auth/auth.c:load_auth_module(395) load_auth_module: auth method winbind has a valid init [2003/10/23 15:33:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33) Got NTLMSSP neg_flags=0xe008b297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2003/10/23 15:33:39, 5] auth/auth.c:get_ntlm_challenge(93) auth_get_challenge: module guest did not want to specify a challenge [2003/10/23 15:33:39, 5] auth/auth.c:get_ntlm_challenge(93) auth_get_challenge: module sam did not want to specify a challenge [2003/10/23 15:33:39, 5] auth/auth.c:get_ntlm_challenge(93) auth_get_challenge: module winbind did not want to specify a challenge [2003/10/23 15:33:39, 5] auth/auth.c:get_ntlm_challenge(132) auth_context challenge created by random [2003/10/23 15:33:39, 5] auth/auth.c:get_ntlm_challenge(133) challenge is: [2003/10/23 15:33:39, 5] lib/util.c:dump_data(1825) [000] 59 C6 8E 8B E0 5C A5 85 Y....\.. [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,304) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,304) wrote 304 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 214 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0xd6 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 3 of length 218 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=214 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 214 (0xD6) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 83 (0x53) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=155 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] A1 51 30 4F A2 4D 04 4B 4E 54 4C 4D 53 53 50 00 .Q0O.M.K NTLMSSP. [010] 03 00 00 00 01 00 01 00 4A 00 00 00 00 00 00 00 ........ J....... [020] 4B 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 K....... @....... [030] 40 00 00 00 0A 00 0A 00 40 00 00 00 00 00 00 00 @....... @....... [040] 4B 00 00 00 15 0A 80 20 63 00 66 00 6D 00 32 00 K...... c.f.m.2. [050] 72 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 r..W.i.n .d.o.w.s [060] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 [070] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o [080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [090] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 13121) [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/23 15:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) wct=12 flg2=0xc807 [2003/10/23 15:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) Doing spnego session setup [2003/10/23 15:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] [2003/10/23 15:33:39, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286) Got user=[] domain=[] workstation=[cfm2r] len1=1 len2=0 [2003/10/23 15:33:39, 6] param/loadparm.c:lp_file_list_changed(2670) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Oct 23 14:42:42 2003 [2003/10/23 15:33:39, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user []\[] from workstation [cfm2r] [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(298) secrets_fetch failed! [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 10] lib/gencache.c:gencache_get(286) Cache entry with key = TDOM/SAMBA1 couldn't be found [2003/10/23 15:33:39, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172) no entry for trusted domain SAMBA1 found. [2003/10/23 15:33:39, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for () [2003/10/23 15:33:39, 5] auth/auth_util.c:make_user_info(142) making strings for 's user_info struct [2003/10/23 15:33:39, 5] auth/auth_util.c:make_user_info(184) making blobs for 's user_info struct [2003/10/23 15:33:39, 3] auth/auth.c:check_ntlm_password(216) check_ntlm_password: Checking password for unmapped user []\[]@[cfm2r] with the new password interface [2003/10/23 15:33:39, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: mapped user is: [SAMBA1]\[]@[cfm2r] [2003/10/23 15:33:39, 5] lib/util.c:dump_data(1825) [000] 59 C6 8E 8B E0 5C A5 85 Y....\.. [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user kakuma, uid 1000 [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user user1, uid 2100 [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user uffff, uid 65535 [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user cfm2r$, uid 2101 [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user user2, uid 2102 [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user root, uid 0 [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(513) getsmbfilepwent: end of file reached. [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 10] lib/system_smbd.c:sys_getgrouplist(113) sys_getgrouplist: user [nobody] [2003/10/23 15:33:39, 10] lib/system_smbd.c:sys_getgrouplist(122) sys_getgrouplist(): disabled winbindd for group lookup [user == nobody] [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 65534 Primary group is 65534 and contains 2 supplementary groups Group[ 0]: 65534 Group[ 1]: 65534 [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 10] passdb/lookup_sid.c:gid_to_sid(364) gid_to_sid: local 65534 -> S-1-5-21-3806576807-3926394018-2637493433-132069 [2003/10/23 15:33:39, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 65534 -> S-1-5-21-3806576807-3926394018-2637493433-132069 [2003/10/23 15:33:39, 5] auth/auth_util.c:make_server_info_sam(838) make_server_info_sam: made server info for user nobody -> nobody [2003/10/23 15:33:39, 3] auth/auth.c:check_ntlm_password(265) check_ntlm_password: guest authentication for user [] succeeded [2003/10/23 15:33:39, 5] auth/auth.c:check_ntlm_password(302) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2003/10/23 15:33:39, 5] auth/auth_util.c:free_user_info(1185) attempting to free (and zero) a user_info structure [2003/10/23 15:33:39, 10] smbd/password.c:register_vuid(144) register_vuid: allocated vuid = 100 [2003/10/23 15:33:39, 10] smbd/password.c:register_vuid(205) register_vuid: (65534,65534) nobody SAMBA1 guest=1 [2003/10/23 15:33:39, 3] smbd/password.c:register_vuid(207) User name: nobody Real name: nobody [2003/10/23 15:33:39, 3] smbd/password.c:register_vuid(225) UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,124) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,124) wrote 124 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 84 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0x54 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 4 of length 88 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=84 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 84 (0x54) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=41 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 00 5C 00 5C 00 53 00 41 00 4D 00 42 00 41 00 44 .\.\.S.A .M.B.A.D [010] 00 45 00 56 00 31 00 5C 00 49 00 50 00 43 00 24 .E.V.1.\ .I.P.C.$ [020] 00 00 00 3F 3F 3F 3F 3F 00 ...????? . [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 13121) [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/23 15:33:39, 4] smbd/reply.c:reply_tcon_and_X(266) Client requested device type [?????] for share [IPC$] [2003/10/23 15:33:39, 5] smbd/service.c:make_connection(860) making a connection to 'normal' service ipc$ [2003/10/23 15:33:39, 5] lib/username.c:Get_Pwnam(288) Finding user nobody [2003/10/23 15:33:39, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is nobody [2003/10/23 15:33:39, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals did find user [nobody]! [2003/10/23 15:33:39, 3] smbd/service.c:make_connection_snum(536) Connect path is '/tmp' for service [IPC$] [2003/10/23 15:33:39, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) get_share_security: using default secdesc for IPC$ [2003/10/23 15:33:39, 10] lib/util_seaccess.c:se_map_generic(192) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2003/10/23 15:33:39, 10] lib/util_seaccess.c:se_access_check(250) se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-3806576807-3926394018-2637493433-501. [2003/10/23 15:33:39, 3] lib/util_seaccess.c:se_access_check(267) [2003/10/23 15:33:39, 3] lib/util_seaccess.c:se_access_check(268) se_access_check: user sid is S-1-5-21-3806576807-3926394018-2637493433-501 se_access_check: also S-1-5-21-3806576807-3926394018-2637493433-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3806576807-3926394018-2637493433-132069 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2003/10/23 15:33:39, 5] lib/util_seaccess.c:se_access_check(325) se_access_check: access (2) granted. [2003/10/23 15:33:39, 3] smbd/vfs.c:vfs_init_default(201) Initialising default vfs hooks [2003/10/23 15:33:39, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2003/10/23 15:33:39, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) get_share_security: using default secdesc for IPC$ [2003/10/23 15:33:39, 10] lib/util_seaccess.c:se_map_generic(192) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2003/10/23 15:33:39, 10] lib/util_seaccess.c:se_access_check(250) se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-3806576807-3926394018-2637493433-501. [2003/10/23 15:33:39, 3] lib/util_seaccess.c:se_access_check(267) [2003/10/23 15:33:39, 3] lib/util_seaccess.c:se_access_check(268) se_access_check: user sid is S-1-5-21-3806576807-3926394018-2637493433-501 se_access_check: also S-1-5-21-3806576807-3926394018-2637493433-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3806576807-3926394018-2637493433-132069 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2003/10/23 15:33:39, 5] lib/util_seaccess.c:se_access_check(325) se_access_check: access (1) granted. [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-3806576807-3926394018-2637493433-501 contains 6 SIDs SID[ 0]: S-1-5-21-3806576807-3926394018-2637493433-501 SID[ 1]: S-1-5-21-3806576807-3926394018-2637493433-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-3806576807-3926394018-2637493433-132069 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 65534 Primary group is 65534 and contains 2 supplementary groups Group[ 0]: 65534 Group[ 1]: 65534 [2003/10/23 15:33:39, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,65534) gid=(0,65534) [2003/10/23 15:33:39, 3] smbd/service.c:make_connection_snum(696) cfm2r (xxx.xx.x.xx) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 13121) [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/10/23 15:33:39, 3] smbd/reply.c:reply_tcon_and_X(314) tconX service=IPC$ [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 49 50 43 00 00 00 00 IPC.... [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,52) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,52) wrote 52 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 100 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0x64 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 5 of length 104 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 13121) [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-3806576807-3926394018-2637493433-501 contains 6 SIDs SID[ 0]: S-1-5-21-3806576807-3926394018-2637493433-501 SID[ 1]: S-1-5-21-3806576807-3926394018-2637493433-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-3806576807-3926394018-2637493433-132069 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 65534 Primary group is 65534 and contains 2 supplementary groups Group[ 0]: 65534 Group[ 1]: 65534 [2003/10/23 15:33:39, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,65534) gid=(0,65534) [2003/10/23 15:33:39, 4] smbd/vfs.c:vfs_ChDir(611) vfs_ChDir to /tmp [2003/10/23 15:33:39, 10] smbd/nttrans.c:reply_ntcreate_and_X(597) reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2003/10/23 15:33:39, 4] smbd/nttrans.c:nt_open_pipe(486) nt_open_pipe: Opening pipe \lsarpc. [2003/10/23 15:33:39, 3] smbd/nttrans.c:nt_open_pipe(503) nt_open_pipe: Known pipe lsarpc opening. [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested lsarpc (pipes_open=0) [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) Create pipe requested lsarpc [2003/10/23 15:33:39, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2003/10/23 15:33:39, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) Created internal pipe lsarpc (pipes_open=0) [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) Opened pipe lsarpc with handle 7502 (pipes_open=1) [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) open pipes: name lsarpc pnum=7502 [2003/10/23 15:33:39, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) do_ntcreate_pipe_open: open pipe = \lsarpc [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=256 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 512 (0x200) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,107) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,107) wrote 107 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 156 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0x9c [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 6 of length 160 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=320 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=89 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 13121) [2003/10/23 15:33:39, 4] smbd/uid.c:change_to_user(122) change_to_user: Skipping user change - already user [2003/10/23 15:33:39, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=72 params=0 setup=2 [2003/10/23 15:33:39, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/23 15:33:39, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/23 15:33:39, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=7502 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=7502 (pipes_open=1) [2003/10/23 15:33:39, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 7502)api_fd_reply: p:0x8353898 max_trans_reply: 1024 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7502 name: lsarpc open: Yes len: 72 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 72 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(401) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 56 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 0b [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 0048 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000001 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(517) unmarshall_rpc_header: type = 11, flags = 3 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 56 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(722) process_complete_pdu: processing packet type 11 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(844) api_pipe_bind_req: decode request. 844 [2003/10/23 15:33:39, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(855) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr_rb [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr_bba [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0000 max_tsize: 10b8 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0002 max_rsize: 10b8 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 assoc_gid: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0008 num_elements: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000c context_id : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 000e num_syntaxes: 01 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 00000f smb_io_rpc_iface [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 data : 12345778 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 data : 1234 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0016 data : abcd [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 0018 data : ef 00 01 23 45 67 89 ab [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0020 version: 00000000 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000024 smb_io_rpc_iface [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0024 data : 8a885d04 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0028 data : 1ceb [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 002a data : 11c9 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 002c data : 9f e8 08 00 2b 10 48 60 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0034 version: 00000002 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(985) api_pipe_bind_req: make response. 985 [2003/10/23 15:33:39, 3] rpc_server/srv_pipe.c:check_bind_req(727) check_bind_req for \PIPE\lsarpc [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr_ba [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr_bba [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0000 max_tsize: 10b8 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0002 max_rsize: 10b8 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 assoc_gid: 000053f0 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000008 smb_io_rpc_addr_str [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 len: 000c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 000a str: \PIPE\lsass. [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000016 smb_io_rpc_results [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0018 num_results: 01 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 001c result : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 001e reason : 0000 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000020 smb_io_rpc_iface [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0020 data : 8a885d04 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0024 data : 1ceb [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0026 data : 11c9 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 0028 data : 9f e8 08 00 2b 10 48 60 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0030 version: 00000002 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 0c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 0044 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000001 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 56 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7502 name: lsarpc len: 1024 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2003/10/23 15:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..68] [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=320 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,128) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,128) wrote 128 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 184 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0xb8 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 7 of length 188 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=384 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=117 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [020] 00 4C 00 00 00 00 00 2C 00 D0 4E 0A 00 0C 00 00 .L....., ..N..... [030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 53 00 41 ........ .\.\.S.A [040] 00 4D 00 42 00 41 00 44 00 45 00 56 00 31 00 00 .M.B.A.D .E.V.1.. [050] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 54 F7 85 00 0C 00 00 00 02 00 01 .....T.. ........ [070] 00 01 08 00 00 ..... [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 13121) [2003/10/23 15:33:39, 4] smbd/uid.c:change_to_user(122) change_to_user: Skipping user change - already user [2003/10/23 15:33:39, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=100 params=0 setup=2 [2003/10/23 15:33:39, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/23 15:33:39, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/23 15:33:39, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=7502 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=7502 (pipes_open=1) [2003/10/23 15:33:39, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 7502)api_fd_reply: p:0x8353898 max_trans_reply: 1024 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7502 name: lsarpc open: Yes len: 100 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 100 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(401) fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 84 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 0064 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000001 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(517) unmarshall_rpc_header: type = 0, flags = 3 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 84 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 84, incoming data = 84 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(722) process_complete_pdu: processing packet type 0 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr_req req [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 alloc_hint: 0000004c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0004 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0006 opnum : 002c [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1454) Requested \PIPE\lsarpc [2003/10/23 15:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1514) api_rpc_cmds[0].fn == 0x80e8140 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_q_open_pol2 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 ptr : 000a4ed0 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000004 smb_io_unistr2 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 uni_max_len: 0000000c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0008 undoc : 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c uni_str_len: 0000000c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 0010 buffer : \.\.S.A.M.B.A.D.E.V.1... [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000028 lsa_io_obj_attr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0028 len : 00000018 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 002c ptr_root_dir: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0030 ptr_obj_name: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0034 attributes : 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0038 ptr_sec_desc: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 003c ptr_sec_qos : 0085f754 [2003/10/23 15:33:39, 7] rpc_parse/parse_prs.c:prs_debug(81) 000040 lsa_io_obj_qos sec_qos [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0040 len : 0000000c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0044 sec_imp_level : 0002 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0046 sec_ctxt_mode : 01 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0047 effective_only: 00 [2003/10/23 15:33:39, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(186) lsa_io_sec_qos: length c does not match size 8 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0048 des_access: 00000801 [2003/10/23 15:33:39, 10] lib/util_seaccess.c:se_access_check(250) se_access_check: requested access 0x00000801, for NT token with 6 entries and first sid S-1-5-21-3806576807-3926394018-2637493433-501. [2003/10/23 15:33:39, 3] lib/util_seaccess.c:se_access_check(267) [2003/10/23 15:33:39, 3] lib/util_seaccess.c:se_access_check(268) se_access_check: user sid is S-1-5-21-3806576807-3926394018-2637493433-501 se_access_check: also S-1-5-21-3806576807-3926394018-2637493433-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3806576807-3926394018-2637493433-132069 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 801 [2003/10/23 15:33:39, 5] lib/util_seaccess.c:se_access_check(325) se_access_check: access (801) granted. [2003/10/23 15:33:39, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 43 76 97 3F ........ ....Cv.? [010] 41 33 00 00 A3.. [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_r_open_pol2 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_pol_hnd [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 data1: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 data2: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 data3: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a data4: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 000c data5: 43 76 97 3f 41 33 00 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0014 status: NT_STATUS_OK [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535) api_rpcTNP: called lsarpc successfully [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 832 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 84 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7502 name: lsarpc len: 1024 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 02 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 0030 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000010 smb_io_rpc_hdr_resp resp [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 alloc_hint: 00000018 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0016 cancel_ct : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0017 reserved : 00 [2003/10/23 15:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=384 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 43 76 97 3F 41 33 00 00 00 00 00 .....Cv. ?A3..... [030] 00 . [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,108) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,108) wrote 108 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 130 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0x82 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 8 of length 134 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=63 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 43 76 97 3F 41 33 00 00 03 00 .....Cv. ?A3.... [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 13121) [2003/10/23 15:33:39, 4] smbd/uid.c:change_to_user(122) change_to_user: Skipping user change - already user [2003/10/23 15:33:39, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=46 params=0 setup=2 [2003/10/23 15:33:39, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/23 15:33:39, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/23 15:33:39, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=7502 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=7502 (pipes_open=1) [2003/10/23 15:33:39, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 7502)api_fd_reply: p:0x8353898 max_trans_reply: 1024 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7502 name: lsarpc open: Yes len: 46 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 46 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(401) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 30 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 002e [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000002 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(517) unmarshall_rpc_header: type = 0, flags = 3 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 30 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(722) process_complete_pdu: processing packet type 0 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr_req req [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 alloc_hint: 00000016 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0004 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0006 opnum : 0007 [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1454) Requested \PIPE\lsarpc [2003/10/23 15:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2003/10/23 15:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1514) api_rpc_cmds[2].fn == 0x80e842c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_q_query [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_pol_hnd [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 data1: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 data2: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 data3: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a data4: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 000c data5: 43 76 97 3f 41 33 00 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 info_class: 0003 [2003/10/23 15:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 43 76 97 3F ........ ....Cv.? [010] 41 33 00 00 A3.. [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_r_query [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 undoc_buffer: 22000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0004 info_class: 0003 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000008 lsa_io_dom_query [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 uni_dom_max_len: 000c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a uni_dom_str_len: 000e [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c buffer_dom_name: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 buffer_dom_sid : 00000001 [2003/10/23 15:33:39, 7] rpc_parse/parse_prs.c:prs_debug(81) 000014 smb_io_unistr2 unistr2 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0014 uni_max_len: 00000007 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0018 undoc : 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 001c uni_str_len: 00000006 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 0020 buffer : S.A.M.B.A.1. [2003/10/23 15:33:39, 7] rpc_parse/parse_prs.c:prs_debug(81) 00002c smb_io_dom_sid2 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 002c num_auths: 00000004 [2003/10/23 15:33:39, 8] rpc_parse/parse_prs.c:prs_debug(81) 000030 smb_io_dom_sid sid [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0030 sid_rev_num: 01 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0031 num_auths : 04 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0032 id_auth[0] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0033 id_auth[1] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0034 id_auth[2] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0035 id_auth[3] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0036 id_auth[4] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0037 id_auth[5] : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32s(861) 0038 sub_auths : 00000015 e2e3c0a7 ea0804a2 9d34f4b9 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0048 status: NT_STATUS_OK [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535) api_rpcTNP: called lsarpc successfully [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 512 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 30 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7502 name: lsarpc len: 1024 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 02 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 0064 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000002 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000010 smb_io_rpc_hdr_resp resp [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 alloc_hint: 0000004c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0016 cancel_ct : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0017 reserved : 00 [2003/10/23 15:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..100] [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 02 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .L...... ...."... [020] 00 0C 00 0E 00 01 00 00 00 01 00 00 00 07 00 00 ........ ........ [030] 00 00 00 00 00 06 00 00 00 53 00 41 00 4D 00 42 ........ .S.A.M.B [040] 00 41 00 31 00 04 00 00 00 01 04 00 00 00 00 00 .A.1.... ........ [050] 05 15 00 00 00 A7 C0 E3 E2 A2 04 08 EA B9 F4 34 ........ .......4 [060] 9D 00 00 00 00 ..... [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,160) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,160) wrote 160 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 130 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0x82 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 9 of length 134 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=512 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=63 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 43 76 97 3F 41 33 00 00 05 00 .....Cv. ?A3.... [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 13121) [2003/10/23 15:33:39, 4] smbd/uid.c:change_to_user(122) change_to_user: Skipping user change - already user [2003/10/23 15:33:39, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=46 params=0 setup=2 [2003/10/23 15:33:39, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/23 15:33:39, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/23 15:33:39, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=7502 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=7502 (pipes_open=1) [2003/10/23 15:33:39, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 7502)api_fd_reply: p:0x8353898 max_trans_reply: 1024 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7502 name: lsarpc open: Yes len: 46 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 46 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(401) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 30 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 002e [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000003 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(517) unmarshall_rpc_header: type = 0, flags = 3 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 30 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(722) process_complete_pdu: processing packet type 0 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr_req req [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 alloc_hint: 00000016 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0004 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0006 opnum : 0007 [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1454) Requested \PIPE\lsarpc [2003/10/23 15:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2003/10/23 15:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1514) api_rpc_cmds[2].fn == 0x80e842c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_q_query [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_pol_hnd [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 data1: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 data2: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 data3: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a data4: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 000c data5: 43 76 97 3f 41 33 00 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 info_class: 0005 [2003/10/23 15:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 43 76 97 3F ........ ....Cv.? [010] 41 33 00 00 A3.. [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_r_query [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 undoc_buffer: 22000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0004 info_class: 0005 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000008 lsa_io_dom_query [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 uni_dom_max_len: 000c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a uni_dom_str_len: 000e [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c buffer_dom_name: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 buffer_dom_sid : 00000001 [2003/10/23 15:33:39, 7] rpc_parse/parse_prs.c:prs_debug(81) 000014 smb_io_unistr2 unistr2 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0014 uni_max_len: 00000007 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0018 undoc : 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 001c uni_str_len: 00000006 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 0020 buffer : S.A.M.B.A.1. [2003/10/23 15:33:39, 7] rpc_parse/parse_prs.c:prs_debug(81) 00002c smb_io_dom_sid2 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 002c num_auths: 00000004 [2003/10/23 15:33:39, 8] rpc_parse/parse_prs.c:prs_debug(81) 000030 smb_io_dom_sid sid [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0030 sid_rev_num: 01 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0031 num_auths : 04 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0032 id_auth[0] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0033 id_auth[1] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0034 id_auth[2] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0035 id_auth[3] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0036 id_auth[4] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0037 id_auth[5] : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32s(861) 0038 sub_auths : 00000015 e2e3c0a7 ea0804a2 9d34f4b9 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0048 status: NT_STATUS_OK [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535) api_rpcTNP: called lsarpc successfully [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 512 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 30 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7502 name: lsarpc len: 1024 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 02 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 0064 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000003 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000010 smb_io_rpc_hdr_resp resp [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 alloc_hint: 0000004c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0016 cancel_ct : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0017 reserved : 00 [2003/10/23 15:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..100] [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=512 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 03 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .L...... ...."... [020] 00 0C 00 0E 00 01 00 00 00 01 00 00 00 07 00 00 ........ ........ [030] 00 00 00 00 00 06 00 00 00 53 00 41 00 4D 00 42 ........ .S.A.M.B [040] 00 41 00 31 00 04 00 00 00 01 04 00 00 00 00 00 .A.1.... ........ [050] 05 15 00 00 00 A7 C0 E3 E2 A2 04 08 EA B9 F4 34 ........ .......4 [060] 9D 00 00 00 00 ..... [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,160) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,160) wrote 160 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 192 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0xc0 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 10 of length 196 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=576 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=125 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 6C 00 00 00 04 00 00 ........ .l...... [020] 00 54 00 00 00 00 00 3A 00 00 00 00 00 01 00 00 .T.....: ........ [030] 00 00 00 00 00 43 76 97 3F 41 33 00 00 01 00 00 .....Cv. ?A3..... [040] 00 01 00 00 00 0A 00 0C 00 40 F9 0B 00 06 00 00 ........ .@...... [050] 00 00 00 00 00 05 00 00 00 75 00 73 00 65 00 72 ........ .u.s.e.r [060] 00 32 00 00 00 01 00 00 00 00 00 00 00 02 00 00 .2...... ........ [070] 00 00 00 00 00 00 00 00 00 02 00 00 00 ........ ..... [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 13121) [2003/10/23 15:33:39, 4] smbd/uid.c:change_to_user(122) change_to_user: Skipping user change - already user [2003/10/23 15:33:39, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=108 params=0 setup=2 [2003/10/23 15:33:39, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/23 15:33:39, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/23 15:33:39, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=7502 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=7502 (pipes_open=1) [2003/10/23 15:33:39, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 7502)api_fd_reply: p:0x8353898 max_trans_reply: 1024 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7502 name: lsarpc open: Yes len: 108 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 108 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 108 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(401) fill_rpc_header: data_to_copy = 108, len_needed_to_complete_hdr = 16, receive_len = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 92 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 92 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 006c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000004 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(517) unmarshall_rpc_header: type = 0, flags = 3 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 92 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 92, incoming data = 92 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(722) process_complete_pdu: processing packet type 0 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr_req req [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 alloc_hint: 00000054 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0004 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0006 opnum : 003a [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1454) Requested \PIPE\lsarpc [2003/10/23 15:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488) api_rpcTNP: lsarpc op 0x3a - unknown [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 23 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 0020 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000004 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000010 smb_io_rpc_hdr_resp resp [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 alloc_hint: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0016 cancel_ct : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0017 reserved : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000018 smb_io_rpc_hdr_fault fault [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0018 status : NT code 0x1c010002 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 001c reserved: 00000000 [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 92 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7502 name: lsarpc len: 1024 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2003/10/23 15:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..32] [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=576 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 04 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,92) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,92) wrote 92 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 184 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0xb8 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 11 of length 188 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=640 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=117 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 64 00 00 00 05 00 00 ........ .d...... [020] 00 4C 00 00 00 00 00 0E 00 00 00 00 00 01 00 00 .L...... ........ [030] 00 00 00 00 00 43 76 97 3F 41 33 00 00 01 00 00 .....Cv. ?A3..... [040] 00 01 00 00 00 0A 00 0C 00 40 F9 0B 00 06 00 00 ........ .@...... [050] 00 00 00 00 00 05 00 00 00 75 00 73 00 65 00 72 ........ .u.s.e.r [060] 00 32 00 00 00 00 00 00 00 00 00 00 00 02 00 00 .2...... ........ [070] 00 00 00 00 00 ..... [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 13121) [2003/10/23 15:33:39, 4] smbd/uid.c:change_to_user(122) change_to_user: Skipping user change - already user [2003/10/23 15:33:39, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=100 params=0 setup=2 [2003/10/23 15:33:39, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/23 15:33:39, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/23 15:33:39, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=7502 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=7502 (pipes_open=1) [2003/10/23 15:33:39, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 7502)api_fd_reply: p:0x8353898 max_trans_reply: 1024 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7502 name: lsarpc open: Yes len: 100 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 100 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(401) fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 84 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 0064 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000005 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(517) unmarshall_rpc_header: type = 0, flags = 3 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 84 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 84, incoming data = 84 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(722) process_complete_pdu: processing packet type 0 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr_req req [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 alloc_hint: 0000004c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0004 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0006 opnum : 000e [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1454) Requested \PIPE\lsarpc [2003/10/23 15:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488) api_rpcTNP: lsarpc op 0xe - api_rpcTNP: rpc command: LSA_LOOKUPNAMES [2003/10/23 15:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1514) api_rpc_cmds[7].fn == 0x80e86b0 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_q_lookup_names [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_pol_hnd [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 data1: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 data2: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 data3: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a data4: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 000c data5: 43 76 97 3f 41 33 00 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0014 num_entries : 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0018 num_entries2 : 00000001 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 00001c smb_io_unihdr hdr_name [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 001c uni_str_len: 000a [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 001e uni_max_len: 000c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0020 buffer : 000bf940 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000024 smb_io_unistr2 dom_name [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0024 uni_max_len: 00000006 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0028 undoc : 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 002c uni_str_len: 00000005 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 0030 buffer : u.s.e.r.2. [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 003c num_trans_entries : 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0040 ptr_trans_sids : 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0044 lookup_level : 00000002 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0048 mapped_count : 00000000 [2003/10/23 15:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 43 76 97 3F ........ ....Cv.? [010] 41 33 00 00 A3.. [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 10] lib/util_sid.c:split_domain_name(209) split_domain_name:name 'user2' split into domain :'SAMBADEV1' and user :'user2' [2003/10/23 15:33:39, 5] rpc_server/srv_lsa_nt.c:init_lsa_rid2s(162) init_lsa_rid2s: looking up name user2 [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2003/10/23 15:33:39, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/23 15:33:39, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user kakuma, uid 1000 [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user user1, uid 2100 [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user uffff, uid 65535 [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user cfm2r$, uid 2101 [2003/10/23 15:33:39, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(464) getsmbfilepwent: returning passwd entry for user user2, uid 2102 [2003/10/23 15:33:39, 4] lib/substitute.c:automount_server(318) Home server: sambadev1 [2003/10/23 15:33:39, 4] lib/substitute.c:automount_server(318) Home server: sambadev1 [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/23 15:33:39, 10] passdb/lookup_sid.c:lookup_name(53) lookup_name: (local) [SAMBADEV1]\[user2] -> SID S-1-5-21-3806576807-3926394018-2637493433-5204 (type User: 1) [2003/10/23 15:33:39, 5] rpc_server/srv_lsa_nt.c:init_lsa_rid2s(167) init_lsa_rid2s: found [2003/10/23 15:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_r_lookup_names [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 ptr_dom_ref: 00000001 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000004 lsa_io_dom_r_ref [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 num_ref_doms_1: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0008 ptr_ref_dom : 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c max_entries : 00000020 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 num_ref_doms_2: 00000001 [2003/10/23 15:33:39, 7] rpc_parse/parse_prs.c:prs_debug(81) 000014 smb_io_unihdr dom_ref[0] [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 uni_str_len: 0012 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0016 uni_max_len: 0012 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0018 buffer : 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 001c sid_ptr[0] : 00000001 [2003/10/23 15:33:39, 7] rpc_parse/parse_prs.c:prs_debug(81) 000020 smb_io_unistr2 dom_ref[0] [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0020 uni_max_len: 00000009 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0024 undoc : 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0028 uni_str_len: 00000009 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 002c buffer : S.A.M.B.A.D.E.V.1. [2003/10/23 15:33:39, 7] rpc_parse/parse_prs.c:prs_debug(81) 000040 smb_io_dom_sid2 sid_ptr[0] [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0040 num_auths: 00000004 [2003/10/23 15:33:39, 8] rpc_parse/parse_prs.c:prs_debug(81) 000044 smb_io_dom_sid sid [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0044 sid_rev_num: 01 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0045 num_auths : 04 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0046 id_auth[0] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0047 id_auth[1] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0048 id_auth[2] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0049 id_auth[3] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 004a id_auth[4] : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 004b id_auth[5] : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32s(861) 004c sub_auths : 00000015 e2e3c0a7 ea0804a2 9d34f4b9 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 005c num_entries: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0060 ptr_entries: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0064 num_entries2: 00000001 [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000068 smb_io_dom_rid2 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0068 type : 01 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 006c rid : 00001454 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0070 rid_idx: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0074 mapped_count: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0078 status : NT_STATUS_OK [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535) api_rpcTNP: called lsarpc successfully [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 3776 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 84 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7502 name: lsarpc len: 1024 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 124. [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 02 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 0094 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000005 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000010 smb_io_rpc_hdr_resp resp [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 alloc_hint: 0000007c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0016 cancel_ct : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0017 reserved : 00 [2003/10/23 15:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..148] [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=204 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=640 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 148 (0x94) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=149 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 00 05 00 02 03 10 00 00 00 94 00 00 00 05 00 00 ........ ........ [010] 00 7C 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .|...... ........ [020] 00 01 00 00 00 20 00 00 00 01 00 00 00 12 00 12 ..... .. ........ [030] 00 01 00 00 00 01 00 00 00 09 00 00 00 00 00 00 ........ ........ [040] 00 09 00 00 00 53 00 41 00 4D 00 42 00 41 00 44 .....S.A .M.B.A.D [050] 00 45 00 56 00 31 00 00 00 04 00 00 00 01 04 00 .E.V.1.. ........ [060] 00 00 00 00 05 15 00 00 00 A7 C0 E3 E2 A2 04 08 ........ ........ [070] EA B9 F4 34 9D 01 00 00 00 01 00 00 00 01 00 00 ...4.... ........ [080] 00 01 00 00 00 54 14 00 00 00 00 00 00 01 00 00 .....T.. ........ [090] 00 00 00 00 00 ..... [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,208) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,208) wrote 208 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 128 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0x80 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 12 of length 132 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=704 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=61 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 43 76 97 3F 41 33 00 00 .....Cv. ?A3.. [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 13121) [2003/10/23 15:33:39, 4] smbd/uid.c:change_to_user(122) change_to_user: Skipping user change - already user [2003/10/23 15:33:39, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=44 params=0 setup=2 [2003/10/23 15:33:39, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/23 15:33:39, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/23 15:33:39, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=7502 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=7502 (pipes_open=1) [2003/10/23 15:33:39, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "lsarpc" (pnum 7502)api_fd_reply: p:0x8353898 max_trans_reply: 1024 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7502 name: lsarpc open: Yes len: 44 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 44 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(401) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 28 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 002c [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000006 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(517) unmarshall_rpc_header: type = 0, flags = 3 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 28 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(722) process_complete_pdu: processing packet type 0 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr_req req [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 alloc_hint: 00000014 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0004 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0006 opnum : 0000 [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1454) Requested \PIPE\lsarpc [2003/10/23 15:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2003/10/23 15:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1514) api_rpc_cmds[4].fn == 0x80e87e0 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_q_close [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_pol_hnd [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 data1: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 data2: 00000001 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 data3: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a data4: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 000c data5: 43 76 97 3f 41 33 00 00 [2003/10/23 15:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 43 76 97 3F ........ ....Cv.? [010] 41 33 00 00 A3.. [2003/10/23 15:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 43 76 97 3F ........ ....Cv.? [010] 41 33 00 00 A3.. [2003/10/23 15:33:39, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_r_close [2003/10/23 15:33:39, 6] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_pol_hnd [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 data1: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 data2: 00000000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 data3: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a data4: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0014 status: NT_STATUS_OK [2003/10/23 15:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535) api_rpcTNP: called lsarpc successfully [2003/10/23 15:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 28 [2003/10/23 15:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7502 name: lsarpc len: 1024 [2003/10/23 15:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_rpc_hdr hdr [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0000 major : 05 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0001 minor : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0002 pkt_type : 02 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0003 flags : 03 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0004 pack_type0: 10 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0005 pack_type1: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0006 pack_type2: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0007 pack_type3: 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 frag_len : 0030 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a auth_len : 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c call_id : 00000006 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 000010 smb_io_rpc_hdr_resp resp [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 alloc_hint: 00000018 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 context_id: 0000 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0016 cancel_ct : 00 [2003/10/23 15:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0017 reserved : 00 [2003/10/23 15:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=704 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/23 15:33:39, 10] lib/util.c:dump_data(1825) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,108) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,108) wrote 108 [2003/10/23 15:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 41 [2003/10/23 15:33:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0x29 [2003/10/23 15:33:39, 3] smbd/process.c:process_smb(890) Transaction 13 of length 45 [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=3 smb_vwv[ 0]=29954 (0x7502) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2003/10/23 15:33:39, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 13121) [2003/10/23 15:33:39, 4] smbd/uid.c:change_to_user(122) change_to_user: Skipping user change - already user [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=7502 [2003/10/23 15:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=7502 (pipes_open=1) [2003/10/23 15:33:39, 5] smbd/pipes.c:reply_pipe_close(258) reply_pipe_close: pnum:7502 [2003/10/23 15:33:39, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2003/10/23 15:33:39, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) closed pipe name lsarpc pnum=7502 (pipes_open=0) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(456) [2003/10/23 15:33:39, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=0 smb_bcc=0 [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(407) write_socket(5,39) [2003/10/23 15:33:39, 6] lib/util_sock.c:write_socket(410) write_socket(5,39) wrote 39