[2006/11/08 09:30:48, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 36 [2006/11/08 09:30:48, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x24 [2006/11/08 09:30:48, 3] smbd/process.c:process_smb(1110) Transaction 725 of length 40 [2006/11/08 09:30:48, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:48, 5] lib/util.c:show_msg(488) size=36 smb_com=0xa4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1032 smb_uid=101 smb_mid=37441 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:48, 3] smbd/process.c:switch_message(914) switch message SMBntcancel (pid 7739) conn 0x803864c8 [2006/11/08 09:30:48, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:48, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:48, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:48, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:48, 3] smbd/error.c:error_packet(146) error packet at smbd/notify.c(55) cmd=160 (SMBnttrans) NT_STATUS_CANCELLED [2006/11/08 09:30:48, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:48, 5] lib/util.c:show_msg(488) size=71 smb_com=0xa0 smb_rcls=32 smb_reh=1 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1032 smb_uid=101 smb_mid=37441 smt_wct=18 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:48, 3] smbd/notify_kernel.c:kernel_remove_notify(144) kernel_remove_notify: fd=28 [2006/11/08 09:30:48, 3] 
smbd/nttrans.c:reply_ntcancel(1564) reply_ntcancel: cancel called on mid = 37441. [2006/11/08 09:30:48, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:48, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:48, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:48, 3] smbd/process.c:process_smb(1110) Transaction 726 of length 45 [2006/11/08 09:30:48, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:48, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=3 smb_pid=65279 smb_uid=101 smb_mid=46337 smt_wct=3 smb_vwv[ 0]= 6122 (0x17EA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:48, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7739) conn 0x803864c8 [2006/11/08 09:30:48, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1061, 513) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:48, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-1362721961-1801182073-732966438-3122 contains 19 SIDs SID[ 0]: S-1-5-21-1362721961-1801182073-732966438-3122 SID[ 1]: S-1-5-21-1362721961-1801182073-732966438-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1362721961-1801182073-732966438-1185 SID[ 6]: S-1-5-21-1362721961-1801182073-732966438-1405 SID[ 7]: S-1-5-21-1362721961-1801182073-732966438-1413 SID[ 8]: S-1-5-21-1362721961-1801182073-732966438-1421 SID[ 9]: S-1-5-21-1362721961-1801182073-732966438-1423 SID[ 10]: S-1-5-21-1362721961-1801182073-732966438-1425 SID[ 11]: S-1-5-21-1362721961-1801182073-732966438-1439 SID[ 12]: S-1-5-21-1362721961-1801182073-732966438-1443 SID[ 13]: S-1-5-21-1362721961-1801182073-732966438-3021 SID[ 14]: S-1-5-21-1362721961-1801182073-732966438-3047 SID[ 15]: S-1-5-21-1362721961-1801182073-732966438-3055 SID[ 16]: S-1-5-21-1362721961-1801182073-732966438-3063 SID[ 17]: 
S-1-5-21-1362721961-1801182073-732966438-3065 SID[ 18]: S-1-5-21-1362721961-1801182073-732966438-3085 SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 09:30:48, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 1061 Primary group is 513 and contains 0 supplementary groups [2006/11/08 09:30:48, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(1061,1061) gid=(0,513) [2006/11/08 09:30:48, 3] smbd/reply.c:reply_close(3298) close directory fnum=6122 [2006/11/08 09:30:48, 10] locking/locking.c:parse_share_modes(501) parse_share_modes: delete_on_close: 0, initial_delete_on_close: 0, num_share_modes: 1 [2006/11/08 09:30:48, 10] locking/locking.c:parse_share_modes(594) parse_share_modes: share_mode_entry[0]: pid = 7739, share_access = 0x7, private_options = 0x1, access_mask = 0x100001, mid = 0x0, type= 0x0, file_id = 18, uid = 1061, dev = 0xfd03, inode = 4 [2006/11/08 09:30:48, 5] smbd/files.c:file_free(448) freed files structure 6122 (0 used) [2006/11/08 09:30:48, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:48, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=65279 smb_uid=101 smb_mid=46337 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:48, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x23 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 727 of length 39 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=4 smb_pid=65279 smb_uid=101 smb_mid=46401 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtdis (pid 7739) conn 0x8034c740 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) 
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /shares/MetaSystems/Msd [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 1] smbd/service.c:close_cnum(1141) it-01 (192.168.29.254) closed connection to service Msd [2006/11/08 09:30:50, 3] smbd/connection.c:yield_connection(69) Yielding connection to Msd [2006/11/08 09:30:50, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to / [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4 smb_pid=65279 smb_uid=101 smb_mid=46401 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 
10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x23 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 728 of length 39 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=46465 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtdis (pid 7739) conn 0x80382568 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /tmp [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 3] smbd/service.c:close_cnum(1141) it-01 (192.168.29.254) closed connection to service IPC$ [2006/11/08 09:30:50, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2006/11/08 09:30:50, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to / [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] 
auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=46465 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x23 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 729 of length 39 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=46529 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtdis (pid 7739) conn 0x80389110 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /shares/MetaSystems/MetaSystems [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] 
auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 1] smbd/service.c:close_cnum(1141) it-01 (192.168.29.254) closed connection to service MetaSystems [2006/11/08 09:30:50, 3] smbd/connection.c:yield_connection(69) Yielding connection to MetaSystems [2006/11/08 09:30:50, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to / [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=46529 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 39 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x27 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 730 of length 43 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=46593 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] 
smbd/process.c:switch_message(914) switch message SMBulogoffX (pid 7739) conn 0x0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp [2006/11/08 09:30:50, 3] smbd/reply.c:reply_ulogoffX(1618) ulogoffX vuid=101 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=46593 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x23 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 731 of length 39 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=101 smb_mid=46657 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtdis (pid 7739) conn 0x803864c8 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] 
auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /shares/MetaSystems/MetaSetup [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 1] smbd/service.c:close_cnum(1141) it-01 (192.168.29.254) closed connection to service MetaSetup [2006/11/08 09:30:50, 3] smbd/connection.c:yield_connection(69) Yielding connection to MetaSetup [2006/11/08 09:30:50, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to / [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=65279 smb_uid=101 smb_mid=46657 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. 
Error = Success [2006/11/08 09:30:50, 10] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2006/11/08 09:30:50, 3] smbd/process.c:timeout_processing(1359) timeout_processing: End of file from client (client has disconnected). [2006/11/08 09:30:50, 5] lib/gencache.c:gencache_shutdown(90) Closing cache file [2006/11/08 09:30:50, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2006/11/08 09:30:50, 3] smbd/server.c:exit_server_common(675) Server exit (normal exit) [2006/11/08 09:30:50, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Mon Oct 16 11:15:28 2006 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Wed Nov 8 09:24:47 2006 file /etc/samba//smb.conf -> /etc/samba//smb.conf last mod_time: Wed Nov 8 09:28:49 2006 [2006/11/08 09:30:50, 5] smbd/reply.c:reply_special(543) init msg_type=0x81 msg_flags=0x0 [2006/11/08 09:30:50, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2006/11/08 09:30:50, 0] lib/util_sock.c:send_smb(769) Error writing 4 bytes to client. -1. 
(Connection reset by peer) [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2006/11/08 09:30:50, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2006/11/08 09:30:50, 3] smbd/server.c:exit_server_common(675) Server exit (process_smb: send_smb failed.) [2006/11/08 09:30:50, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Mon Oct 16 11:15:28 2006 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Wed Nov 8 09:24:47 2006 file /etc/samba//smb.conf -> /etc/samba//smb.conf last mod_time: Wed Nov 8 09:28:49 2006 [2006/11/08 09:30:50, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [MUC]\[muehlfeld] from workstation [IT-01] [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] auth/auth_util.c:is_trusted_domain(2019) is_trusted_domain: Checking for domain trust with [MUC] [2006/11/08 
09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for muehlfeld (muehlfeld) [2006/11/08 09:30:50, 5] auth/auth_util.c:make_user_info(85) making strings for muehlfeld's user_info struct [2006/11/08 09:30:50, 5] auth/auth_util.c:make_user_info(117) making blobs for muehlfeld's user_info struct [2006/11/08 09:30:50, 10] auth/auth_util.c:make_user_info(135) made an encrypted user_info for muehlfeld (muehlfeld) [2006/11/08 09:30:50, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [MUC]\[muehlfeld]@[IT-01] with the new password interface [2006/11/08 09:30:50, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [MUC]\[muehlfeld]@[IT-01] [2006/11/08 09:30:50, 10] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2006/11/08 09:30:50, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2006/11/08 09:30:50, 5] lib/util.c:dump_data(2215) [000] C4 AD 6D E1 7B 65 A4 65 ..m.{e.e [2006/11/08 09:30:50, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2006/11/08 09:30:50, 8] lib/util.c:is_myname(2036) is_myname("MUC") returns 0 [2006/11/08 09:30:50, 6] auth/auth_sam.c:check_samstrict_security(421) check_samstrict_security: MUC is not one of my local names or domain name (DC) [2006/11/08 09:30:50, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: sam had nothing to say [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) 
[2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] auth/auth_util.c:is_trusted_domain(2019) is_trusted_domain: Checking for domain trust with [MUC] [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 8] libsmb/namequery.c:get_sorted_dc_list(1551) get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] [2006/11/08 09:30:50, 10] lib/gencache.c:gencache_get(287) Returning valid cache entry: key = SAF/DOMAIN/MUC, value = GENOME, timeout = Wed Nov 8 09:44:01 2006 [2006/11/08 09:30:50, 5] libsmb/namequery.c:saf_fetch(108) saf_fetch: Returning "GENOME" for "MUC" domain [2006/11/08 09:30:50, 3] libsmb/namequery.c:get_dc_list(1426) get_dc_list: preferred server list: "GENOME, *" [2006/11/08 09:30:50, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up MUC#1c [2006/11/08 09:30:50, 10] lib/gencache.c:gencache_get(287) Returning valid cache entry: key = NBT/MUC#1C, value = 192.168.29.4:0, timeout = Wed Nov 8 09:35:54 2006 [2006/11/08 09:30:50, 5] libsmb/namecache.c:namecache_fetch(201) name MUC#1C found. 
[2006/11/08 09:30:50, 8] libsmb/namequery.c:get_dc_list(1441) Adding 1 DC's from auto lookup [2006/11/08 09:30:50, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up GENOME#20 [2006/11/08 09:30:50, 10] lib/gencache.c:gencache_get(287) Returning valid cache entry: key = NBT/GENOME#20, value = 192.168.29.4:0, timeout = Wed Nov 8 09:35:54 2006 [2006/11/08 09:30:50, 5] libsmb/namecache.c:namecache_fetch(201) name GENOME#20 found. [2006/11/08 09:30:50, 10] libsmb/namequery.c:remove_duplicate_addrs2(408) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/11/08 09:30:50, 4] libsmb/namequery.c:get_dc_list(1529) get_dc_list: returning 1 ip addresses in an ordered list [2006/11/08 09:30:50, 4] libsmb/namequery.c:get_dc_list(1530) get_dc_list: 192.168.29.4:0 [2006/11/08 09:30:50, 10] libsmb/namequery.c:name_status_find(276) name_status_find: looking up MUC#1c at 192.168.29.4 [2006/11/08 09:30:50, 10] lib/gencache.c:gencache_get(312) Cache entry with key = NBT/MUC#1C.20.192.168.29.4 couldn't be found [2006/11/08 09:30:50, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/MUC#1C.20.192.168.29.4 found. 
[2006/11/08 09:30:50, 10] lib/gencache.c:gencache_del(218) Deleting cache entry (key = NBT/MUC#1C.20.192.168.29.4) [2006/11/08 09:30:50, 10] lib/util_sock.c:open_socket_in(839) bind succeeded on port 0 [2006/11/08 09:30:50, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 50 to (192.168.29.4) on port 137 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_udp_socket(294) read_udp_socket: lastip 192.168.29.4 lastport 137 read: 265 [2006/11/08 09:30:50, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 6760 [2006/11/08 09:30:50, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 265 from (192.168.29.4) port 137 [2006/11/08 09:30:50, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 192.168.29.4(137) header: id=6760 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=MUC<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .GENOME hex 0947454E4F4D45202020202020202020 answers 10 char .d.GENOME hex 00640047454E4F4D4520202020202020 answers 20 char .d.GENOME hex 202003640047454E4F4D452020202020 answers 30 char d...__MSBRO hex 2020202020640001025F5F4D5342524F answers 40 char WSE__....MUC hex 5753455F5F0201E4004D554320202020 answers 50 char .d.MUC hex 20202020202020201D64004D55432020 answers 60 char .d.MUC hex 202020202020202020201B64004D5543 answers 70 char ...M hex 2020202020202020202020201CE4004D answers 80 char UC .. hex 55432020202020202020202020201EE4 answers 90 char .MUC hex 004D5543202020202020202020202020 answers a0 char ................ hex 00E40000000000000000000000000000 answers b0 char ................ hex 00000000000000000000000000000000 answers c0 char ................ hex 00000000000000000000000000000000 answers d0 char . 
hex 00 [2006/11/08 09:30:50, 10] libsmb/namequery.c:parse_node_status(158) GENOME#00: flags = 0x64 [2006/11/08 09:30:50, 10] libsmb/namequery.c:parse_node_status(158) GENOME#03: flags = 0x64 [2006/11/08 09:30:50, 10] libsmb/namequery.c:parse_node_status(158) GENOME#20: flags = 0x64 [2006/11/08 09:30:50, 10] libsmb/namequery.c:parse_node_status(158) __MSBROWSE__#01: flags = 0xe4 [2006/11/08 09:30:50, 10] libsmb/namequery.c:parse_node_status(158) MUC#1d: flags = 0x64 [2006/11/08 09:30:50, 10] libsmb/namequery.c:parse_node_status(158) MUC#1b: flags = 0x64 [2006/11/08 09:30:50, 10] libsmb/namequery.c:parse_node_status(158) MUC#1c: flags = 0xe4 [2006/11/08 09:30:50, 10] libsmb/namequery.c:parse_node_status(158) MUC#1e: flags = 0xe4 [2006/11/08 09:30:50, 10] libsmb/namequery.c:parse_node_status(158) MUC#00: flags = 0xe4 [2006/11/08 09:30:50, 10] libsmb/namequery.c:name_status_find(315) name_status_find: name found, name GENOME ip address is 192.168.29.4 [2006/11/08 09:30:50, 3] libsmb/namequery_dc.c:rpc_dc_name(117) rpc_dc_name: Returning DC GENOME (192.168.29.4) for domain MUC [2006/11/08 09:30:50, 10] passdb/secrets.c:secrets_named_mutex(779) secrets_named_mutex: got mutex for GENOME [2006/11/08 09:30:50, 3] libsmb/cliconnect.c:cli_start_connection(1417) Connecting to host=GENOME [2006/11/08 09:30:50, 3] lib/util_sock.c:open_socket_out(874) Connecting to 192.168.29.4 at port 445 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/11/08 
09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 16384 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/11/08 09:30:50, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,183) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,183) wrote 183 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 127 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=7769 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=54784 (0xD600) smb_vwv[ 8]= 26 (0x1A) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=10810 (0x2A3A) smb_vwv[13]= 4152 (0x1038) smb_vwv[14]=50947 (0xC703) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 67 65 6E 6F 6D 65 00 00 00 00 00 00 00 00 00 00 genome.. ........ 
[010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=7769 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=54784 (0xD600) smb_vwv[ 8]= 26 (0x1A) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=10810 (0x2A3A) smb_vwv[13]= 4152 (0x1038) smb_vwv[14]=50947 (0xC703) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 67 65 6E 6F 6D 65 00 00 00 00 00 00 00 00 00 00 genome.. ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,92) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,92) wrote 92 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 88 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=88 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=7769 smb_uid=100 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=47 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. 
.3 ...0...2 [020] 00 33 00 63 00 00 00 4D 00 55 00 43 00 00 00 .3.c...M .U.C... [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=88 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=7769 smb_uid=100 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=47 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. .3 ...0...2 [020] 00 33 00 63 00 00 00 4D 00 55 00 43 00 00 00 .3.c...M .U.C... [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,80) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,80) wrote 80 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 48 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=7 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 49 50 43 00 00 00 00 IPC.... 
[2006/11/08 09:30:50, 10] libsmb/clientgen.c:cli_init_creds(233) cli_init_creds: user domain [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,108) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,108) wrote 108 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) Bind RPC Pipe[7712]: \NETLOGON auth_type 0, auth_level 0 [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345678 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 
data : 1234 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 cf fb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine GENOME pipe \NETLOGON fnum 0x7712 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30482 (0x7712) smb_bcc=87 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ 
[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,158) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,158) wrote 158 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... 
[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine GENOME pipe \NETLOGON fnum 0x7712 returned 68 bytes. [2006/11/08 09:30:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine GENOME pipe \NETLOGON fnum 0x7712 bind request returned ok. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine GENOME and bound anonymously. 
[2006/11/08 09:30:50, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46) cli_net_req_chal: LSA Request Challenge from CODON to \\GENOME [2006/11/08 09:30:50, 5] rpc_parse/parse_net.c:init_q_req_chal(679) init_q_req_chal: 679 [2006/11/08 09:30:50, 5] rpc_parse/parse_net.c:init_q_req_chal(688) init_q_req_chal: 688 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.G.E.N.O.M.E... [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000022 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : C.O.D.O.N... 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00003c smb_io_chal [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data: 21 38 c1 73 3e 28 5d ff [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 005c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0004 [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine GENOME pipe \NETLOGON fnum 0x7712 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=174 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 
5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30482 (0x7712) smb_bcc=107 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5C 00 00 00 02 00 00 00 44 .......\ .......D [020] 00 00 00 00 00 04 00 01 00 00 00 09 00 00 00 00 ........ ........ [030] 00 00 00 09 00 00 00 5C 00 5C 00 47 00 45 00 4E .......\ .\.G.E.N [040] 00 4F 00 4D 00 45 00 00 00 00 00 06 00 00 00 00 .O.M.E.. ........ [050] 00 00 00 06 00 00 00 43 00 4F 00 44 00 4F 00 4E .......C .O.D.O.N [060] 00 00 00 21 38 C1 73 3E 28 5D FF ...!8.s> (]. [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,178) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,178) wrote 178 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 92 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 80 D2 E8 AC 47 44 25 ........ .....GD% [020] B7 00 00 00 00 ..... 
[2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 80 D2 E8 AC 47 44 25 ........ .....GD% [020] B7 00 00 00 00 ..... [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 36 at offset 0 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine GENOME pipe \NETLOGON fnum 0x7712 returned 24 bytes. [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: 80 d2 e8 ac 47 44 25 b7 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0008 status: NT_STATUS_OK [2006/11/08 09:30:50, 10] libsmb/credentials.c:creds_client_init(286) creds_client_init: neg_flags : 400701ff [2006/11/08 09:30:50, 10] libsmb/credentials.c:creds_client_init(287) creds_client_init: client chal : 2138C1733E285DFF [2006/11/08 09:30:50, 10] libsmb/credentials.c:creds_client_init(288) creds_client_init: server chal : 80D2E8AC474425B7 [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_init_64(117) creds_init_64 [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_init_64(118) clnt_chal_in: 2138C1733E285DFF [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_init_64(119) srv_chal_in : 80D2E8AC474425B7 [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_init_64(120) clnt+srv : A10AAA20856C82B6 [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_init_64(121) sess_key_out : 0612B47F29A29C36 [2006/11/08 09:30:50, 10] libsmb/credentials.c:creds_client_init(306) creds_client_init: clnt : 73081E2AF6CD08E2 [2006/11/08 09:30:50, 10] libsmb/credentials.c:creds_client_init(307) creds_client_init: server : 4C4E6179ABF01B0A [2006/11/08 09:30:50, 10] 
libsmb/credentials.c:creds_client_init(308) creds_client_init: seed : 73081E2AF6CD08E2 [2006/11/08 09:30:50, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(170) cli_net_auth2: srv:\\GENOME acct:PASING$ sc:4 mc: CODON neg: 400701ff [2006/11/08 09:30:50, 5] rpc_parse/parse_net.c:init_q_auth_2(800) init_q_auth_2: 800 [2006/11/08 09:30:50, 5] rpc_parse/parse_misc.c:init_log_info(1409) make_log_info 1409 [2006/11/08 09:30:50, 5] rpc_parse/parse_net.c:init_q_auth_2(806) init_q_auth_2: 806 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.G.E.N.O.M.E... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000022 smb_io_unistr2 unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : P.A.S.I.N.G.$... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0040 sec_chan: 0004 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000042 smb_io_unistr2 unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0050 buffer : C.O.D.O.N... [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_chal [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 005c data: 73 08 1e 2a f6 cd 08 e2 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000064 net_io_neg_flags [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 neg_flags: 400701ff [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0080 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000068 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 000f [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine GENOME pipe \NETLOGON fnum 0x7712 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=210 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30482 (0x7712) smb_bcc=143 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 80 00 00 00 03 00 00 00 68 ........ .......h [020] 00 00 00 00 00 0F 00 01 00 00 00 09 00 00 00 00 ........ ........ [030] 00 00 00 09 00 00 00 5C 00 5C 00 47 00 45 00 4E .......\ .\.G.E.N [040] 00 4F 00 4D 00 45 00 00 00 00 00 08 00 00 00 00 .O.M.E.. ........ [050] 00 00 00 08 00 00 00 50 00 41 00 53 00 49 00 4E .......P .A.S.I.N [060] 00 47 00 24 00 00 00 04 00 00 00 06 00 00 00 00 .G.$.... ........ [070] 00 00 00 06 00 00 00 43 00 4F 00 44 00 4F 00 4E .......C .O.D.O.N [080] 00 00 00 73 08 1E 2A F6 CD 08 E2 FF 01 07 40 ...s..*. 
......@ [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,214) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,214) wrote 214 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 4C 4E 61 79 AB F0 1B ........ .LNay... [020] 0A FF 01 00 40 00 00 00 00 ....@... . [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 4C 4E 61 79 AB F0 1B ........ .LNay... [020] 0A FF 01 00 40 00 00 00 00 ....@... . 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0028 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000010 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 40 at offset 0 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine GENOME pipe \NETLOGON fnum 0x7712 returned 32 bytes. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: 4c 4e 61 79 ab f0 1b 0a [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 net_io_neg_flags [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 neg_flags: 400001ff [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 000c status: NT_STATUS_OK [2006/11/08 09:30:50, 10] libsmb/credentials.c:creds_client_check(325) creds_client_check: credentials check OK. [2006/11/08 09:30:50, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(346) rpccli_netlogon_setup_creds: server GENOME credential chain established. [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,108) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,108) wrote 108 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4864 (0x1300) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 
(0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) Bind RPC Pipe[7713]: \NETLOGON auth_type 2, auth_level 6 [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_auth_schannel_neg schannel_neg [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 type1: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type2: 00000003 [2006/11/08 09:30:50, 6] lib/util.c:dump_data(2215) [000] 4D 55 43 MUC [2006/11/08 09:30:50, 6] lib/util.c:dump_data(2215) [000] 43 4F 44 4F 4E CODON [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0062 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345678 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1234 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 cf fb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 
version: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 auth_type : 44 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 auth_level : 06 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a auth_pad_len : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b auth_reserved: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c auth_context_id: 00000001 [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine GENOME pipe \NETLOGON fnum 0x7713 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 98 (0x62) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 98 (0x62) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30483 (0x7713) smb_bcc=113 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 62 00 12 00 04 00 00 00 B8 .......b ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 4D 55 43 00 43 4F 44 4F 4E .......M UC.CODON [070] 00 . 
[2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,184) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,184) wrote 184 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 ........ .X...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 08 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 05 00 00 00 ........ . [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 ........ .X...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... 
.....+.H [040] 60 02 00 00 00 44 06 08 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 05 00 00 00 ........ . [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 88 at offset 0 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine GENOME pipe \NETLOGON fnum 0x7713 returned 88 bytes. [2006/11/08 09:30:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine GENOME pipe \NETLOGON fnum 0x7713 bind request returned ok. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2537) cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine GENOME for domain MUC and bound using schannel. 
[2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,45) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,45) wrote 45 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=10 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) cli_rpc_pipe_close: closed pipe \NETLOGON to machine GENOME [2006/11/08 09:30:50, 10] libsmb/namequery.c:saf_store(71) saf_store: domain = [MUC], server = [GENOME], expire = [1162975550] [2006/11/08 09:30:50, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/MUC; value = GENOME and timeout = Wed Nov 8 09:45:50 2006 (900 seconds ahead) [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_step(148) sequence = 0x455195bc [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_step(150) seed: 73081E2AF6CD08E2 [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_step(155) seed+seq 2F9E6F6FF6CD08E2 [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_step(159) CLIENT 39E06B504614AFAE [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_step(164) seed+seq+1 309E6F6FF6CD08E2 [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_step(168) SERVER 85D8918444E44361 [2006/11/08 09:30:50, 5] libsmb/credentials.c:creds_reseed(238) cred_reseed: seed 309E6F6FF6CD08E2 [2006/11/08 09:30:50, 5] rpc_parse/parse_net.c:init_id_info2(1181) init_id_info2: 1181 [2006/11/08 09:30:50, 5] rpc_parse/parse_misc.c:init_logon_id(1588) make_logon_id: 1588 [2006/11/08 09:30:50, 5] rpc_parse/parse_net.c:init_sam_info(1275) init_sam_info: 1275 [2006/11/08 09:30:50, 5] rpc_parse/parse_misc.c:init_clnt_info2(1503) make_clnt_info: 1503 [2006/11/08 09:30:50, 5] rpc_parse/parse_misc.c:init_clnt_srv(1348) 
init_clnt_srv: 1348 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_sam_logon [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_sam_info [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_clnt_info2 [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_clnt_srv [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer : 00000001 [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.G.E.N.O.M.E... [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 undoc_buffer2: 00000001 [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_unistr2 unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0034 buffer : C.O.D.O.N... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 ptr_cred: 00000001 [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000044 smb_io_cred [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 000044 smb_io_chal [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0044 data: 39 e0 6b 50 46 14 af ae [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_utime [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c time: 455195bc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 ptr_rtn_cred : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000054 smb_io_cred [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000054 smb_io_chal [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0054 data: 00 00 00 00 00 00 00 00 [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_utime [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c time: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0060 logon_level : 0002 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000062 smb_io_sam_info_ctr logon_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 switch_value : 0002 [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000064 net_io_id_info2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 ptr_id_info2: 00000001 [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_unihdr unihdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0068 uni_str_len: 0006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a uni_max_len: 0006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c buffer : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 param_ctrl: 00000820 [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 000074 smb_io_logon_id 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 low : 0000dead [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 high: 0000beef [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 00007c smb_io_unihdr unihdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 007c uni_str_len: 0012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 007e uni_max_len: 0012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0080 buffer : 00000001 [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 000084 smb_io_unihdr unihdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0084 uni_str_len: 000e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0086 uni_max_len: 000e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 buffer : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 008c lm_chal: c4 ad 6d e1 7b 65 a4 65 [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 000094 smb_io_strhdr hdr_nt_chal_resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0094 str_str_len: 0018 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0096 str_max_len: 0018 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0098 buffer : 00000001 [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 00009c smb_io_strhdr hdr_lm_chal_resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009c str_str_len: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009e str_max_len: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 buffer : 00000000 [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000a4 smb_io_unistr2 uni_domain_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a4 uni_max_len: 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a8 offset : 00000000 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 00ac uni_str_len: 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00b0 buffer : M.U.C. [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000b6 smb_io_unistr2 uni_user_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b8 uni_max_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 uni_str_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00c4 buffer : m.u.e.h.l.f.e.l.d. [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000d6 smb_io_unistr2 uni_wksta_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d8 uni_max_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e0 uni_str_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00e4 buffer : \.\.I.T.-.0.1. 
[2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000f2 smb_io_string2 nt_chal_resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f4 str_max_len: 00000018 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc str_str_len: 00000018 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_string2(1096) 0100 buffer : ..8..O....A....t.s..8)l* [2006/11/08 09:30:50, 9] rpc_parse/parse_prs.c:prs_debug(84) 000118 smb_io_string2 - NULL lm_chal_resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0118 validation_level: 0003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0160 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0020 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000011a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0002 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000138 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0138 auth_type : 44 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0139 auth_level : 06 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013a auth_pad_len : 06 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013b auth_reserved: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 013c auth_context_id: 00000001 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) add_schannel_auth_footer: SCHANNEL seq_num=0 [2006/11/08 09:30:50, 10] rpc_parse/parse_prs.c:schannel_encode(1633) SCHANNEL: schannel_encode seq_num=0 data_len=288 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000140 smb_io_rpc_auth_schannel_chk [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0140 sig : 77 00 7a 00 ff ff 00 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0148 seq_num: b9 d8 06 73 60 a3 93 5a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0150 packet_digest: a3 10 9d e3 ff 1e 2e 0f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0158 confounder: 1b 6c 0a f4 ea 66 b4 7e [2006/11/08 09:30:50, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine GENOME pipe \NETLOGON fnum 0x7713 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=434 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 352 (0x160) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 352 (0x160) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30483 
(0x7713) smb_bcc=367 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215)
[2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,438) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,438) wrote 438 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 800 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=800 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 744 (0x2E8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 744 (0x2E8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=745 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215)
[2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=800 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 744 (0x2E8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 744 (0x2E8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=745 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215)
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 02e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0020 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 000002a8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 0002c0 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 02c0 auth_type : 44 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 02c1 auth_level : 06 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 02c2 auth_pad_len : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 02c3 
auth_reserved: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02c4 auth_context_id: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 0002c8 smb_io_rpc_auth_schannel_chk [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 02c8 sig : 77 00 7a 00 ff ff 00 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 02d0 seq_num: 3d 0d ad 2e b4 72 02 da [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 02d8 packet_digest: c1 65 f0 c7 25 9e ce a1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 02e0 confounder: 65 a2 35 20 c9 76 6b a6 [2006/11/08 09:30:50, 10] rpc_parse/parse_prs.c:schannel_decode(1710) SCHANNEL: schannel_decode seq_num=1 data_len=680 [2006/11/08 09:30:50, 10] rpc_parse/parse_prs.c:schannel_decode(1730) SCHANNEL: schannel_decode seq_num=1 data_len=680 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 744, data_len 680, ss_len 0 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 744 at offset 0 [2006/11/08 09:30:50, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine GENOME pipe \NETLOGON fnum 0x7713 returned 1360 bytes. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_sam_logon [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 buffer_creds: 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_cred [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_chal [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0004 data: 85 d8 91 84 44 e4 43 61 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_utime [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c time: 455195bd [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 switch_value: 0003 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 net_io_user_info3 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ptr_user_info : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_time logon time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 low : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c high: 00000000 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_time logoff time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 low : ffffffff [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 high: 7fffffff [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_time kickoff time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 low : ffffffff [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c high: 7fffffff [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_time last set time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 low : e30e9d00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 high: 01c5f72a [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_time can change time 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 low : e30e9d00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c high: 01c5f72a [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_time must change time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 low : ffffffff [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 high: 7fffffff [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unihdr hdr_user_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0048 uni_str_len: 0012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004a uni_max_len: 0012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c buffer : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_unihdr hdr_full_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0050 uni_str_len: 001c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0052 uni_max_len: 001c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 buffer : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_unihdr hdr_logon_script [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0058 uni_str_len: 001e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005a uni_max_len: 001e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buffer : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_unihdr hdr_profile_path [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0060 uni_str_len: 0036 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 uni_max_len: 0036 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buffer : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_unihdr hdr_home_dir [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 0068 uni_str_len: 0024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a uni_max_len: 0024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c buffer : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000070 smb_io_unihdr hdr_dir_drive [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0070 uni_str_len: 0004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 uni_max_len: 0004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 buffer : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0078 logon_count : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 007a bad_pw_count : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c user_rid : 00000c32 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0080 group_rid : 00000201 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0084 num_groups : 0000000f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 buffer_groups : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c user_flgs : 00000020 [2006/11/08 09:30:50, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) dump_user_flgs account has LOGON_EXTRA_SIDS [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0090 user_sess_key: 8e 30 ae 64 e4 de 59 d2 48 1c cd 00 b1 1d 8b 5a [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000a0 smb_io_unihdr hdr_logon_srv [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a0 uni_str_len: 000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a2 uni_max_len: 000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a4 buffer : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000a8 smb_io_unihdr hdr_logon_dom [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a8 uni_str_len: 0006 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00aa uni_max_len: 0006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac buffer : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 buffer_dom_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00b4 lm_sess_key: 26 de 61 51 42 28 94 ef [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc acct_flags : 00000210 [2006/11/08 09:30:50, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) dump_acct_flags account has ACB_NORMAL account has ACB_PWNOEXP [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d0 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d4 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d8 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc num_other_sids: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e0 buffer_other_sids: 00000000 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 uni_user_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e4 uni_max_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e8 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ec uni_str_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00f0 buffer : m.u.e.h.l.f.e.l.d. 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000102 smb_io_unistr2 uni_full_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0104 uni_max_len: 0000000e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0108 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 010c uni_str_len: 0000000e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0110 buffer : M.a.r.c. .M.u.e.h.l.f.e.l.d. [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00012c smb_io_unistr2 uni_logon_script [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 012c uni_max_len: 0000000f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0130 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0134 uni_str_len: 0000000f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0138 buffer : l.o.g.o.n.s.c.r.i.p.t...b.a.t. [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000156 smb_io_unistr2 uni_profile_path [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0158 uni_max_len: 0000001b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 015c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0160 uni_str_len: 0000001b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0164 buffer : \.\.g.e.n.o.m.e.\.P.r.o.f.i.l.e.s.\.m.u.e.h.l.f.e.l.d. [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00019a smb_io_unistr2 uni_home_dir [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 019c uni_max_len: 00000012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01a0 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01a4 uni_str_len: 00000012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 01a8 buffer : \.\.g.e.n.o.m.e.\.m.u.e.h.l.f.e.l.d. 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0001cc smb_io_unistr2 uni_dir_drive [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01cc uni_max_len: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01d0 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01d4 uni_str_len: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 01d8 buffer : H.:. [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01dc num_groups2 : 0000000f [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0001e0 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01e0 g_rid: 00000201 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01e4 attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0001e8 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01e8 g_rid: 000004a1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01ec attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0001f0 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01f0 g_rid: 0000057d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01f4 attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0001f8 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01f8 g_rid: 00000585 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01fc attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000200 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0200 g_rid: 0000058d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0204 attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000208 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0208 g_rid: 0000058f [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 020c attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000210 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0210 g_rid: 00000591 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0214 attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000218 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0218 g_rid: 0000059f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 021c attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000220 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0220 g_rid: 000005a3 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0224 attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000228 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0228 g_rid: 00000bcd [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 022c attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000230 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0230 g_rid: 00000be7 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0234 attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000238 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0238 g_rid: 00000bef [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 023c attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000240 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0240 g_rid: 00000bf7 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0244 attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000248 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0248 g_rid: 00000bf9 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 024c attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000250 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0250 g_rid: 00000c0d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0254 attr : 00000007 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000258 smb_io_unistr2 uni_logon_srv [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0258 uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 025c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0260 uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0264 buffer : G.E.N.O.M.E. [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000270 smb_io_unistr2 uni_logon_dom [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0270 uni_max_len: 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0274 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0278 uni_str_len: 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 027c buffer : M.U.C. 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000282 smb_io_dom_sid2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0284 num_auths: 00000004 [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000288 smb_io_dom_sid sid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0288 sid_rev_num: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0289 num_auths : 04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 028a id_auth[0] : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 028b id_auth[1] : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 028c id_auth[2] : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 028d id_auth[3] : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 028e id_auth[4] : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 028f id_auth[5] : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0290 sub_auths : 00000015 51397ca9 6b5bdb79 2bb02e26 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02a0 auth_resp : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 02a4 status : NT_STATUS_OK [2006/11/08 09:30:50, 10] libsmb/credentials.c:creds_client_check(325) creds_client_check: credentials check OK. 
[2006/11/08 09:30:50, 10] passdb/secrets.c:secrets_named_mutex_release(791) secrets_named_mutex: released mutex for GENOME [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user MUC+muehlfeld [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is muc+muehlfeld [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_internals(83) Trying _Get_Pwnam(), username as given is MUC+muehlfeld [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is MUC+MUEHLFELD [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in muc+muehlfeld [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [MUC+muehlfeld]! [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user muehlfeld [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is muehlfeld [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [muehlfeld]! 
[2006/11/08 09:30:50, 5] auth/auth_util.c:fill_sam_account(1532) fill_sam_account: located username was [muehlfeld] [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_username(534) pdb_set_username: setting username muehlfeld, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) pdb_set_full_name: setting full name Marc Muehlfeld, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_domain(557) pdb_set_domain: setting domain PASING, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649) pdb_set_profile_path: setting profile path \\codon\Profiles\muehlfeld, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_homedir(696) pdb_set_homedir: setting home dir \\codon\muehlfeld, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672) pdb_set_dir_drive: setting dir drive H:, was NULL [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626) pdb_set_logon_script: setting logon script logonscript.bat, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) pdb_set_user_sid: setting user sid S-1-5-21-1183370737-3874734740-1589004535-3122 [2006/11/08 09:30:50, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1183370737-3874734740-1589004535-3122 from rid 3122 [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_nt_username(580) pdb_set_nt_username: setting nt username muehlfeld, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_username(534) pdb_set_username: setting username muehlfeld, was muehlfeld [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_domain(557) pdb_set_domain: setting domain MUC, was PASING [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) pdb_set_user_sid: setting user sid S-1-5-21-1362721961-1801182073-732966438-3122 [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_group_sid(521) pdb_set_group_sid: setting group sid 
S-1-5-21-1183370737-3874734740-1589004535-513 [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) pdb_set_full_name: setting full name Marc Muehlfeld, was Marc Muehlfeld [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626) pdb_set_logon_script: setting logon script logonscript.bat, was logonscript.bat [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649) pdb_set_profile_path: setting profile path \\genome\Profiles\muehlfeld, was \\codon\Profiles\muehlfeld [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_homedir(696) pdb_set_homedir: setting home dir \\genome\muehlfeld, was \\codon\muehlfeld [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672) pdb_set_dir_drive: setting dir drive H:, was H: [2006/11/08 09:30:50, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) netsamlogon_cache_store: SID [S-1-5-21-1362721961-1801182073-732966438-3122] [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 timestamp: 455195ba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000004 net_io_user_info3 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_user_info : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_time logon time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 low : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c high: 00000000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_time logoff time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 low : ffffffff [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 high: 7fffffff [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_time kickoff time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 low : ffffffff [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c high: 7fffffff [2006/11/08 09:30:50, 6] 
rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_time last set time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 low : e30e9d00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 high: 01c5f72a [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_time can change time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 low : e30e9d00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c high: 01c5f72a [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_time must change time [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 low : ffffffff [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 high: 7fffffff [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_unihdr hdr_user_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 uni_str_len: 0012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a uni_max_len: 0012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c buffer : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_unihdr hdr_full_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0040 uni_str_len: 001c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0042 uni_max_len: 001c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 buffer : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unihdr hdr_logon_script [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0048 uni_str_len: 001e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004a uni_max_len: 001e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c buffer : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_unihdr hdr_profile_path [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0050 
uni_str_len: 0036 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0052 uni_max_len: 0036 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 buffer : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_unihdr hdr_home_dir [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0058 uni_str_len: 0024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005a uni_max_len: 0024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buffer : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_unihdr hdr_dir_drive [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0060 uni_str_len: 0004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 uni_max_len: 0004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buffer : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0068 logon_count : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a bad_pw_count : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c user_rid : 00000c32 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 group_rid : 00000201 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 num_groups : 0000000f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 buffer_groups : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c user_flgs : 00000020 [2006/11/08 09:30:50, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) dump_user_flgs account has LOGON_EXTRA_SIDS [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0080 user_sess_key: e9 c5 3e ea d4 5b 5f 22 af 6a 5b 7b b1 35 ae 7b [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000090 smb_io_unihdr hdr_logon_srv [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0090 uni_str_len: 000c [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 0092 uni_max_len: 000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0094 buffer : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_unihdr hdr_logon_dom [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0098 uni_str_len: 0006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009a uni_max_len: 0006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 009c buffer : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 buffer_dom_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00a4 lm_sess_key: 41 2b f1 df 72 ad 92 1f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac acct_flags : 00000210 [2006/11/08 09:30:50, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) dump_acct_flags account has ACB_NORMAL account has ACB_PWNOEXP [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b4 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b8 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 unkown: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc num_other_sids: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d0 buffer_other_sids: 00000000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000d4 smb_io_unistr2 uni_user_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d4 uni_max_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d8 offset : 00000000 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc uni_str_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00e0 buffer : m.u.e.h.l.f.e.l.d. [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000f2 smb_io_unistr2 uni_full_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f4 uni_max_len: 0000000e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc uni_str_len: 0000000e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0100 buffer : M.a.r.c. .M.u.e.h.l.f.e.l.d. [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00011c smb_io_unistr2 uni_logon_script [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 011c uni_max_len: 0000000f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0120 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0124 uni_str_len: 0000000f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0128 buffer : l.o.g.o.n.s.c.r.i.p.t...b.a.t. [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000146 smb_io_unistr2 uni_profile_path [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0148 uni_max_len: 0000001b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 014c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0150 uni_str_len: 0000001b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0154 buffer : \.\.g.e.n.o.m.e.\.P.r.o.f.i.l.e.s.\.m.u.e.h.l.f.e.l.d. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00018a smb_io_unistr2 uni_home_dir [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 018c uni_max_len: 00000012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0190 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0194 uni_str_len: 00000012 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0198 buffer : \.\.g.e.n.o.m.e.\.m.u.e.h.l.f.e.l.d. [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 0001bc smb_io_unistr2 uni_dir_drive [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01bc uni_max_len: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01c0 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01c4 uni_str_len: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 01c8 buffer : H.:. [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01cc num_groups2 : 0000000f [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 0001d0 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01d0 g_rid: 00000201 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01d4 attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 0001d8 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01d8 g_rid: 000004a1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01dc attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 0001e0 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01e0 g_rid: 0000057d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01e4 attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 0001e8 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01e8 g_rid: 00000585 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01ec attr : 
00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 0001f0 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01f0 g_rid: 0000058d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01f4 attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 0001f8 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01f8 g_rid: 0000058f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01fc attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000200 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0200 g_rid: 00000591 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0204 attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000208 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0208 g_rid: 0000059f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 020c attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000210 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0210 g_rid: 000005a3 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0214 attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000218 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0218 g_rid: 00000bcd [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 021c attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000220 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0220 g_rid: 00000be7 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0224 attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000228 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0228 g_rid: 00000bef [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 022c attr : 00000007 [2006/11/08 
09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000230 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0230 g_rid: 00000bf7 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0234 attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000238 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0238 g_rid: 00000bf9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 023c attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000240 smb_io_gid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0240 g_rid: 00000c0d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0244 attr : 00000007 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000248 smb_io_unistr2 uni_logon_srv [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0248 uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 024c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0250 uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0254 buffer : G.E.N.O.M.E. [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000260 smb_io_unistr2 uni_logon_dom [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0260 uni_max_len: 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0264 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0268 uni_str_len: 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 026c buffer : M.U.C. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000272 smb_io_dom_sid2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0274 num_auths: 00000004 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000278 smb_io_dom_sid sid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0278 sid_rev_num: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0279 num_auths : 04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 027a id_auth[0] : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 027b id_auth[1] : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 027c id_auth[2] : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 027d id_auth[3] : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 027e id_auth[4] : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 027f id_auth[5] : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0280 sub_auths : 00000015 51397ca9 6b5bdb79 2bb02e26 [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,45) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,45) wrote 45 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=12 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) cli_rpc_pipe_close: closed pipe \NETLOGON to machine GENOME [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(132) write_socket(19,39) [2006/11/08 09:30:50, 6] libsmb/clientgen.c:write_socket(135) write_socket(19,39) wrote 39 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 09:30:50, 5] 
lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=7769 smb_uid=100 smb_mid=13 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: winbind authentication for user [muehlfeld] succeeded [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [muehlfeld] succeeded [2006/11/08 09:30:50, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [muehlfeld] -> [muehlfeld] -> [muehlfeld] succeeded [2006/11/08 09:30:50, 5] auth/auth_util.c:free_user_info(1866) attempting to free (and zero) a user_info structure [2006/11/08 09:30:50, 10] auth/auth_util.c:free_user_info(1870) structure was created for muehlfeld [2006/11/08 09:30:50, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 544 -> S-1-5-32-544 [2006/11/08 09:30:50, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 545 -> S-1-5-32-545 [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => 
[(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-3122)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1185)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1405)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1413)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1421)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1423)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1425)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1439)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1443)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-3021)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-3047)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-3055)(sambaSIDList=S-1-5-21-1362721961-1801182073-73 +> 2The connection to the LDAP server was closed [2006/11/08 09:30:50, 10] lib/smbldap.c:smb_ldap_setup_conn(632) smb_ldap_setup_connection: ldap://192.168.30.4/ [2006/11/08 09:30:50, 2] lib/smbldap.c:smbldap_open_connection(788) smbldap_open_connection: connection opened [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_connect_system(947) ldap_connect_system: Binding to ldap server ldap://192.168.30.4/ as "uid=samba,ou=Users,dc=pa,dc=lfmg,dc=de" [2006/11/08 09:30:50, 3] lib/smbldap.c:smbldap_connect_system(992) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2006/11/08 09:30:50, 4] lib/smbldap.c:smbldap_open(1060) The LDAP server is succesfully connected [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => 
[(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-3122)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1185)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1405)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1413)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1421)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1423)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1425)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1439)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-1443)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-3021)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-3047)(sambaSIDList=S-1-5-21-1362721961-1801182073-732966438-3055)(sambaSIDList=S-1-5-21-1362721961-1801182073-73 +> 2get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-3122] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-513] [2006/11/08 09:30:50, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-1185] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-1405] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges 
assigned to SID [S-1-5-21-1362721961-1801182073-732966438-1413] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-1421] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-1423] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-1425] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-1439] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-1443] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-3021] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-3047] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-3055] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-3063] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-3065] [2006/11/08 09:30:50, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-1362721961-1801182073-732966438-3085] [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-513 to gid, ignoring it [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) 
smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2006/11/08 09:30:50, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213) ldapsam_getgroup: Did not find group [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-1-0 to gid, ignoring it [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2006/11/08 09:30:50, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213) ldapsam_getgroup: Did not find group [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-2 to gid, ignoring it [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] [2006/11/08 09:30:50, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213) ldapsam_getgroup: Did not find group [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-11 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-1185 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-1405 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-1413 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-1421 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-1423 to gid, ignoring it 
[2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-1425 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-1439 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-1443 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-3021 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-3047 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-3055 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-3063 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-3065 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-21-1362721961-1801182073-732966438-3085 to gid, ignoring it [2006/11/08 09:30:50, 10] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-1362721961-1801182073-732966438-3122 contains 19 SIDs SID[ 0]: S-1-5-21-1362721961-1801182073-732966438-3122 SID[ 1]: S-1-5-21-1362721961-1801182073-732966438-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1362721961-1801182073-732966438-1185 SID[ 6]: S-1-5-21-1362721961-1801182073-732966438-1405 SID[ 7]: S-1-5-21-1362721961-1801182073-732966438-1413 SID[ 8]: S-1-5-21-1362721961-1801182073-732966438-1421 SID[ 9]: S-1-5-21-1362721961-1801182073-732966438-1423 SID[ 
10]: S-1-5-21-1362721961-1801182073-732966438-1425 SID[ 11]: S-1-5-21-1362721961-1801182073-732966438-1439 SID[ 12]: S-1-5-21-1362721961-1801182073-732966438-1443 SID[ 13]: S-1-5-21-1362721961-1801182073-732966438-3021 SID[ 14]: S-1-5-21-1362721961-1801182073-732966438-3047 SID[ 15]: S-1-5-21-1362721961-1801182073-732966438-3055 SID[ 16]: S-1-5-21-1362721961-1801182073-732966438-3063 SID[ 17]: S-1-5-21-1362721961-1801182073-732966438-3065 SID[ 18]: S-1-5-21-1362721961-1801182073-732966438-3085 SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 09:30:50, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(133) Got NT session key of length 16 [2006/11/08 09:30:50, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(140) Got LM session key of length 8 [2006/11/08 09:30:50, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) ntlmssp_server_auth: Created NTLM2 session key. [2006/11/08 09:30:50, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/11/08 09:30:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2006/11/08 09:30:50, 10] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 101 [2006/11/08 09:30:50, 10] lib/util_pw.c:getpwnam_alloc(76) Got muehlfeld from pwnam_cache [2006/11/08 09:30:50, 10] smbd/password.c:register_vuid(277) register_vuid: (1061,513) muehlfeld muehlfeld MUC guest=0 [2006/11/08 09:30:50, 3] smbd/password.c:register_vuid(280) User name: muehlfeld Real name: Marc Muehlfeld [2006/11/08 09:30:50, 3] smbd/password.c:register_vuid(301) UNIX uid 1061 is UNIX user muehlfeld, and will be vuid 101 [2006/11/08 09:30:50, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp [2006/11/08 09:30:50, 7] 
param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find muehlfeld [2006/11/08 09:30:50, 3] smbd/password.c:register_vuid(332) Adding homes service for user 'muehlfeld' using home directory: '/home/muehlfeld' [2006/11/08 09:30:50, 8] param/loadparm.c:add_a_service(2495) add_a_service: Creating snum = 19 for muehlfeld [2006/11/08 09:30:50, 10] param/loadparm.c:hash_a_service(2542) hash_a_service: hashing index 19 for service name muehlfeld [2006/11/08 09:30:50, 3] param/loadparm.c:lp_add_home(2588) adding home's share [muehlfeld] for user 'muehlfeld' at '/home/muehlfeld' [2006/11/08 09:30:50, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Mon Oct 16 11:15:28 2006 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Wed Nov 8 09:24:47 2006 file /etc/samba//smb.conf -> /etc/samba//smb.conf last mod_time: Wed Nov 8 09:28:49 2006 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=104 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=61 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 33 00 63 00 00 00 50 ...0...2 .3.c...P [030] 00 41 00 53 00 49 00 4E 00 47 00 00 00 .A.S.I.N .G... 
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 76 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x4c [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 3 of length 80 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 5C 00 43 00 4F 00 44 00 4F 00 4E 00 5C .\.\.C.O .D.O.N.\ [010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [020] 00 . [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 7769) conn 0x0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] 
for share [IPC$] [2006/11/08 09:30:50, 5] smbd/service.c:make_connection(1116) making a connection to 'normal' service ipc$ [2006/11/08 09:30:50, 10] smbd/share_access.c:user_ok_token(225) user_ok_token: share IPC$ is ok for unix user muehlfeld [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user muehlfeld [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is muehlfeld [2006/11/08 09:30:50, 10] lib/util_pw.c:getpwnam_alloc(76) Got muehlfeld from pwnam_cache [2006/11/08 09:30:50, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [muehlfeld]! [2006/11/08 09:30:50, 10] smbd/service.c:set_conn_connectpath(122) set_conn_connectpath: service IPC$, connectpath = /tmp [2006/11/08 09:30:50, 3] smbd/service.c:make_connection_snum(752) Connect path is '/tmp' for service [IPC$] [2006/11/08 09:30:50, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2006/11/08 09:30:50, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/11/08 09:30:50, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 19 entries and first sid S-1-5-21-1362721961-1801182073-732966438-3122. 
[2006/11/08 09:30:50, 3] lib/util_seaccess.c:se_access_check(250) [2006/11/08 09:30:50, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1362721961-1801182073-732966438-3122 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1185 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1405 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1413 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1421 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1423 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1425 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1439 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1443 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3021 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3047 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3055 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3063 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3065 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3085 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2006/11/08 09:30:50, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. 
[2006/11/08 09:30:50, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks [2006/11/08 09:30:50, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2006/11/08 09:30:50, 10] smbd/share_access.c:user_ok_token(225) user_ok_token: share IPC$ is ok for unix user muehlfeld [2006/11/08 09:30:50, 10] smbd/share_access.c:is_share_read_only_for_token(267) is_share_read_only_for_user: share IPC$ is read-only for unix user muehlfeld [2006/11/08 09:30:50, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2006/11/08 09:30:50, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/11/08 09:30:50, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 19 entries and first sid S-1-5-21-1362721961-1801182073-732966438-3122. [2006/11/08 09:30:50, 3] lib/util_seaccess.c:se_access_check(250) [2006/11/08 09:30:50, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1362721961-1801182073-732966438-3122 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1185 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1405 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1413 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1421 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1423 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1425 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1439 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1443 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3021 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3047 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3055 
se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3063 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3065 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3085 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2006/11/08 09:30:50, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2006/11/08 09:30:50, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid root does not start with 'S-'. [2006/11/08 09:30:50, 10] passdb/lookup_sid.c:lookup_name(64) lookup_name: PASING\root => PASING (domain), root (name) [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=pa,dc=lfmg,dc=de], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2006/11/08 09:30:50, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] 
auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2006/11/08 09:30:50, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213) ldapsam_getgroup: Did not find group [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 10] passdb/lookup_sid.c:lookup_name(64) lookup_name: Unix User\root => Unix User (domain), root (name) [2006/11/08 09:30:50, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid Administrator does not start with 'S-'. [2006/11/08 09:30:50, 10] passdb/lookup_sid.c:lookup_name(64) lookup_name: PASING\Administrator => PASING (domain), Administrator (name) [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=pa,dc=lfmg,dc=de], filter => [(&(uid=Administrator)(objectclass=sambaSamAccount))], scope => [2] [2006/11/08 09:30:50, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: Administrator [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_username(534) pdb_set_username: setting username Administrator, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_domain(557) pdb_set_domain: setting domain PASING, 
was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_nt_username(580) pdb_set_nt_username: setting nt username Administrator, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(476) pdb_set_user_sid_from_string: setting user sid S-1-5-21-1183370737-3874734740-1589004535-2996 [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) pdb_set_user_sid: setting user sid S-1-5-21-1183370737-3874734740-1589004535-2996 [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) pdb_set_full_name: setting full name Domainadministrator, was [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomeDrive] = [] [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672) pdb_set_dir_drive: setting dir drive H:, was NULL [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomePath] = [] [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_homedir(696) pdb_set_homedir: setting home dir \\codon\administrator, was [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonScript] = [] [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626) pdb_set_logon_script: setting logon script logonscript.bat, was [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaProfilePath] = [] [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649) pdb_set_profile_path: setting profile path \\codon\Profiles\administrator, was [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [description] = [] [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaUserWorkstations] = [] [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: 
[sambaMungedDial] = [] [2006/11/08 09:30:50, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 3 [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2006/11/08 09:30:50, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonHours] = [] [2006/11/08 09:30:50, 5] passdb/login_cache.c:login_cache_init(41) Opening cache file at /usr/var/locks/login_cache.tdb [2006/11/08 09:30:50, 7] passdb/login_cache.c:login_cache_read(87) Looking up login cache for user Administrator [2006/11/08 09:30:50, 7] passdb/login_cache.c:login_cache_read(101) No cache entry found [2006/11/08 09:30:50, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) No cache entry, bad count = 0, bad time = 0 [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=512))], scope => [2] [2006/11/08 09:30:50, 2] passdb/pdb_ldap.c:init_group_from_ldap(2136) init_group_from_ldap: Entry found for group: 512 [2006/11/08 09:30:50, 10] passdb/lookup_sid.c:check_dom_sid_to_level(613) Accepting SID S-1-5-21-1183370737-3874734740-1589004535 in level 1 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] 
passdb/pdb_interface.c:lookup_global_sam_rid(1478) lookup_global_sam_rid: looking up RID 512. [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=pa,dc=lfmg,dc=de], filter => [(&(sambaSID=S-1-5-21-1183370737-3874734740-1589004535-512)(objectclass=sambaSamAccount))], scope => [2] [2006/11/08 09:30:50, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1183370737-3874734740-1589004535-512] count=0 [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1183370737-3874734740-1589004535-512))], scope => [2] [2006/11/08 09:30:50, 2] passdb/pdb_ldap.c:init_group_from_ldap(2136) init_group_from_ldap: Entry found for group: 512 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/11/08 09:30:50, 5] passdb/pdb_interface.c:pdb_default_lookup_rids(1599) lookup_rids: Domain Admins:2 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 10] passdb/lookup_sid.c:lookup_sid(867) Sid S-1-5-21-1183370737-3874734740-1589004535-512 -> PASING\Domain Admins(2) [2006/11/08 09:30:50, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 3 [2006/11/08 09:30:50, 10] 
passdb/pdb_get_set.c:pdb_set_username(534) pdb_set_username: setting username Administrator, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_domain(557) pdb_set_domain: setting domain PASING, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_nt_username(580) pdb_set_nt_username: setting nt username Administrator, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) pdb_set_full_name: setting full name Domainadministrator, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_homedir(696) pdb_set_homedir: setting home dir \\codon\administrator, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672) pdb_set_dir_drive: setting dir drive H:, was NULL [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626) pdb_set_logon_script: setting logon script logonscript.bat, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649) pdb_set_profile_path: setting profile path \\codon\Profiles\administrator, was [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_workstations(739) pdb_set_workstations: setting workstations , was [2006/11/08 09:30:50, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 3 [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) pdb_set_user_sid: setting user sid S-1-5-21-1183370737-3874734740-1589004535-2996 [2006/11/08 09:30:50, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1183370737-3874734740-1589004535-2996 from rid 2996 [2006/11/08 09:30:50, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1478) lookup_global_sam_rid: looking up RID 512. 
[2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=pa,dc=lfmg,dc=de], filter => [(&(sambaSID=S-1-5-21-1183370737-3874734740-1589004535-512)(objectclass=sambaSamAccount))], scope => [2] [2006/11/08 09:30:50, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1183370737-3874734740-1589004535-512] count=0 [2006/11/08 09:30:50, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1183370737-3874734740-1589004535-512))], scope => [2] [2006/11/08 09:30:50, 2] passdb/pdb_ldap.c:init_group_from_ldap(2136) init_group_from_ldap: Entry found for group: 512 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 10] passdb/lookup_sid.c:sid_to_gid(1295) sid_to_gid: S-1-5-21-1183370737-3874734740-1589004535-512 -> 512 [2006/11/08 09:30:50, 3] passdb/lookup_sid.c:store_gid_sid_cache(1059) store_gid_sid_cache: gid 512 in cache -> S-1-5-21-1183370737-3874734740-1589004535-512 [2006/11/08 09:30:50, 10] passdb/pdb_get_set.c:pdb_set_group_sid(521) pdb_set_group_sid: setting group sid S-1-5-21-1183370737-3874734740-1589004535-512 [2006/11/08 09:30:50, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid 
S-1-5-21-1183370737-3874734740-1589004535-512 from rid 512 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1061, 513) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-1362721961-1801182073-732966438-3122 contains 19 SIDs SID[ 0]: S-1-5-21-1362721961-1801182073-732966438-3122 SID[ 1]: S-1-5-21-1362721961-1801182073-732966438-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1362721961-1801182073-732966438-1185 SID[ 6]: S-1-5-21-1362721961-1801182073-732966438-1405 SID[ 7]: S-1-5-21-1362721961-1801182073-732966438-1413 SID[ 8]: S-1-5-21-1362721961-1801182073-732966438-1421 SID[ 9]: S-1-5-21-1362721961-1801182073-732966438-1423 SID[ 10]: S-1-5-21-1362721961-1801182073-732966438-1425 SID[ 11]: S-1-5-21-1362721961-1801182073-732966438-1439 SID[ 12]: S-1-5-21-1362721961-1801182073-732966438-1443 SID[ 13]: S-1-5-21-1362721961-1801182073-732966438-3021 SID[ 14]: S-1-5-21-1362721961-1801182073-732966438-3047 SID[ 15]: S-1-5-21-1362721961-1801182073-732966438-3055 SID[ 16]: S-1-5-21-1362721961-1801182073-732966438-3063 SID[ 17]: S-1-5-21-1362721961-1801182073-732966438-3065 SID[ 18]: S-1-5-21-1362721961-1801182073-732966438-3085 SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 1061 Primary group is 513 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(1061,1061) gid=(0,513) [2006/11/08 09:30:50, 3] smbd/service.c:make_connection_snum(941) it-01 (192.168.29.254) connect to service IPC$ initially as user muehlfeld (uid=1061, gid=513) (pid 7769) [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) 
[2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 2] smbd/reply.c:reply_tcon_and_X(711) Serving IPC$ as a Dfs root [2006/11/08 09:30:50, 3] smbd/reply.c:reply_tcon_and_X(716) tconX service=IPC$ [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=7 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 49 50 43 00 00 00 00 IPC.... [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 4 of length 104 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) 
smb_bcc=17 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [010] 00 . [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1061, 513) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-1362721961-1801182073-732966438-3122 contains 19 SIDs SID[ 0]: S-1-5-21-1362721961-1801182073-732966438-3122 SID[ 1]: S-1-5-21-1362721961-1801182073-732966438-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1362721961-1801182073-732966438-1185 SID[ 6]: S-1-5-21-1362721961-1801182073-732966438-1405 SID[ 7]: S-1-5-21-1362721961-1801182073-732966438-1413 SID[ 8]: S-1-5-21-1362721961-1801182073-732966438-1421 SID[ 9]: S-1-5-21-1362721961-1801182073-732966438-1423 SID[ 10]: S-1-5-21-1362721961-1801182073-732966438-1425 SID[ 11]: S-1-5-21-1362721961-1801182073-732966438-1439 SID[ 12]: S-1-5-21-1362721961-1801182073-732966438-1443 SID[ 13]: S-1-5-21-1362721961-1801182073-732966438-3021 SID[ 14]: S-1-5-21-1362721961-1801182073-732966438-3047 SID[ 15]: S-1-5-21-1362721961-1801182073-732966438-3055 SID[ 16]: S-1-5-21-1362721961-1801182073-732966438-3063 SID[ 17]: S-1-5-21-1362721961-1801182073-732966438-3065 SID[ 18]: S-1-5-21-1362721961-1801182073-732966438-3085 SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 1061 Primary group is 513 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(1061,1061) gid=(0,513) [2006/11/08 09:30:50, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /tmp [2006/11/08 09:30:50, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 
create_options = 0x400040 root_dir_fid = 0x0 [2006/11/08 09:30:50, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \wkssvc. [2006/11/08 09:30:50, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe wkssvc opening. [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested wkssvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe wkssvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe wkssvc with handle 73e3 (pipes_open=1) [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name wkssvc pnum=73e3 [2006/11/08 09:30:50, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \wkssvc [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=256 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=58112 (0xE300) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) 
smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 5 of length 140 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29667 (0x73E3) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e3 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e3 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e3 name: wkssvc open: Yes len: 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 6bffd098 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : a112 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 3610 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 98 33 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 46 c3 f8 7e 34 5a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\wkssvc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\ntsvcs. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=73e3 nwritten=72 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 6 of length 63 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29667 (0x73E3) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e3 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e3 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) 
read_from_pipe: 73e3 name: wkssvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73e3 min=1024 max=1024 nread=68 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x90 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 7 of length 148 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29667 (0x73E3) smb_bcc=77 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 00 00 14 83 F1 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 63 00 6F ........ .\.\.c.o [040] 00 64 00 6F 00 6E 00 00 00 64 00 00 00 .d.o.n.. .d... 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=60 params=0 setup=2 [2006/11/08 09:30:50, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:50, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:50, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e3 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e3 (pipes_open=1) [2006/11/08 09:30:50, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "wkssvc" (pnum 73e3) [2006/11/08 09:30:50, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e3 name: wkssvc open: Yes len: 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 003c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 
[2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKS_Q_QUERY_INFO [2006/11/08 09:30:50, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x800ec7b4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 wks_io_q_query_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_srv_name: 00f18314 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.c.o.d.o.n... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0020 switch_value: 0064 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:_wks_query_info(66) _wks_query_info: 66 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:create_wks_info_100(40) create_wks_info_100: 40 [2006/11/08 09:30:50, 5] rpc_parse/parse_wks.c:init_wks_info_100(79) Init WKS_INFO_100: 79 [2006/11/08 09:30:50, 5] rpc_parse/parse_wks.c:init_wks_r_query_info(139) init_wks_r_unknown_0: 139 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:_wks_query_info(76) _wks_query_info: 76 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 wks_io_r_query_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 switch_value: 0064 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_1 : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 wks_io_wks_info_100 inf [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 platform_id : 000001f4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr_compname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 ptr_lan_grp : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ver_major : 00000004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ver_minor : 00000009 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : C.O.D.O.N... 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 uni_max_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c uni_str_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0040 buffer : P.A.S.I.N.G... [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0050 status : NT_STATUS_OK [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called wkssvc successfully [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 94 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 44 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73e3 name: wkssvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 006c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000054 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..108] [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 108 (0x6C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=109 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 01 00 00 ........ .l...... [010] 00 54 00 00 00 00 00 00 00 64 00 00 00 01 00 00 .T...... .d...... [020] 00 F4 01 00 00 01 00 00 00 01 00 00 00 04 00 00 ........ ........ [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [040] 00 43 00 4F 00 44 00 4F 00 4E 00 00 00 07 00 00 .C.O.D.O .N...... [050] 00 00 00 00 00 07 00 00 00 50 00 41 00 53 00 49 ........ .P.A.S.I [060] 00 4E 00 47 00 00 00 00 00 00 00 00 00 .N.G.... ..... [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 8 of length 45 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=512 smt_wct=3 smb_vwv[ 0]=29667 (0x73E3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e3 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e3 (pipes_open=1) [2006/11/08 09:30:50, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:73e3 [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name 
wkssvc pnum=73e3 (pipes_open=0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=512 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 9 of length 104 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=576 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/11/08 09:30:50, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \srvsvc. [2006/11/08 09:30:50, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe srvsvc opening. [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested srvsvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe srvsvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe srvsvc with handle 73e4 (pipes_open=1) [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name srvsvc pnum=73e4 [2006/11/08 09:30:50, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \srvsvc [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=576 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=58368 (0xE400) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 
(0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 10 of length 140 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=640 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29668 (0x73E4) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e4 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e4 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e4 name: srvsvc open: Yes len: 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 4b324fc8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1670 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 01d3 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 12 78 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 5a 47 bf 6e e1 88 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000003 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\ntsvcs. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=73e4 nwritten=72 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=640 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 11 of length 63 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29668 (0x73E4) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e4 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e4 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) 
read_from_pipe: 73e4 name: srvsvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73e4 min=1024 max=1024 nread=68 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x90 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 12 of length 148 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=768 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29668 (0x73E4) smb_bcc=77 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 15 00 14 83 F1 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 63 00 6F ........ .\.\.c.o [040] 00 64 00 6F 00 6E 00 00 00 65 00 00 00 .d.o.n.. .e... 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=60 params=0 setup=2 [2006/11/08 09:30:50, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:50, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:50, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e4 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e4 (pipes_open=1) [2006/11/08 09:30:50, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "srvsvc" (pnum 73e4) [2006/11/08 09:30:50, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e4 name: srvsvc open: Yes len: 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 003c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0015 
[2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO [2006/11/08 09:30:50, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[11].fn == 0x800f7034 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_q_net_srv_get_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_srv_name : 00f18314 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.c.o.d.o.n... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 switch_value : 00000065 [2006/11/08 09:30:50, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1045) srv_net_srv_get_info: 1045 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_info_101(2809) init_srv_info_101 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_r_net_srv_get_info(3044) init_srv_r_net_srv_get_info [2006/11/08 09:30:50, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1090) srv_net_srv_get_info: 1090 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_r_net_srv_get_info [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_info_ctr ctr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 switch_value: 00000065 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_srv_ctr : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 srv_io_info_101 sv101 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 platform_id : 000001f4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr_name : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 ver_major : 00000004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ver_minor : 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 srv_type : 00809a2b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c ptr_comment : 00000001 [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 uni_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 002c buffer : C.O.D.O.N... 
[2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_unistr2 uni_comment [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 uni_max_len: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 uni_str_len: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0044 buffer : .. [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_werror(824) 0048 status: WERR_OK [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called srvsvc successfully [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 138 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 44 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73e4 name: srvsvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0064 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000004c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..100] [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=768 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=101 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 65 00 00 00 01 00 00 .L...... .e...... [020] 00 F4 01 00 00 01 00 00 00 04 00 00 00 09 00 00 ........ ........ [030] 00 2B 9A 80 00 01 00 00 00 06 00 00 00 00 00 00 .+...... ........ [040] 00 06 00 00 00 43 00 4F 00 44 00 4F 00 4E 00 00 .....C.O .D.O.N.. [050] 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 ..... [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 13 of length 45 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=832 smt_wct=3 smb_vwv[ 0]=29668 (0x73E4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e4 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e4 (pipes_open=1) [2006/11/08 09:30:50, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:73e4 [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name srvsvc pnum=73e4 (pipes_open=0) 
[2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=832 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 14 of length 104 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=896 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [010] 00 . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/11/08 09:30:50, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \wkssvc. [2006/11/08 09:30:50, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe wkssvc opening. [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested wkssvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe wkssvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe wkssvc with handle 73e5 (pipes_open=1) [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name wkssvc pnum=73e5 [2006/11/08 09:30:50, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \wkssvc [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=896 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=58624 (0xE500) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 
(0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 15 of length 140 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=960 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29669 (0x73E5) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e5 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e5 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e5 name: wkssvc open: Yes len: 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 6bffd098 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : a112 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 3610 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 98 33 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 46 c3 f8 7e 34 5a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\wkssvc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\ntsvcs. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=73e5 nwritten=72 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=960 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 16 of length 63 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1024 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29669 (0x73E5) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e5 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e5 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) 
read_from_pipe: 73e5 name: wkssvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73e5 min=1024 max=1024 nread=68 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1024 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x90 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 17 of length 148 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=1088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29669 (0x73E5) smb_bcc=77 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 00 00 F4 82 F1 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 63 00 6F ........ .\.\.c.o [040] 00 64 00 6F 00 6E 00 00 00 64 00 00 00 .d.o.n.. .d... 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=60 params=0 setup=2 [2006/11/08 09:30:50, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:50, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:50, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e5 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e5 (pipes_open=1) [2006/11/08 09:30:50, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "wkssvc" (pnum 73e5) [2006/11/08 09:30:50, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e5 name: wkssvc open: Yes len: 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 003c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 
[2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKS_Q_QUERY_INFO [2006/11/08 09:30:50, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x800ec7b4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 wks_io_q_query_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_srv_name: 00f182f4 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.c.o.d.o.n... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0020 switch_value: 0064 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:_wks_query_info(66) _wks_query_info: 66 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:create_wks_info_100(40) create_wks_info_100: 40 [2006/11/08 09:30:50, 5] rpc_parse/parse_wks.c:init_wks_info_100(79) Init WKS_INFO_100: 79 [2006/11/08 09:30:50, 5] rpc_parse/parse_wks.c:init_wks_r_query_info(139) init_wks_r_unknown_0: 139 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:_wks_query_info(76) _wks_query_info: 76 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 wks_io_r_query_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 switch_value: 0064 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_1 : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 wks_io_wks_info_100 inf [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 platform_id : 000001f4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr_compname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 ptr_lan_grp : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ver_major : 00000004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ver_minor : 00000009 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : C.O.D.O.N... 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 uni_max_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c uni_str_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0040 buffer : P.A.S.I.N.G... [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0050 status : NT_STATUS_OK [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called wkssvc successfully [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 94 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 44 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73e5 name: wkssvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 006c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000054 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..108] [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=1088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 108 (0x6C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=109 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 01 00 00 ........ .l...... [010] 00 54 00 00 00 00 00 00 00 64 00 00 00 01 00 00 .T...... .d...... [020] 00 F4 01 00 00 01 00 00 00 01 00 00 00 04 00 00 ........ ........ [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [040] 00 43 00 4F 00 44 00 4F 00 4E 00 00 00 07 00 00 .C.O.D.O .N...... [050] 00 00 00 00 00 07 00 00 00 50 00 41 00 53 00 49 ........ .P.A.S.I [060] 00 4E 00 47 00 00 00 00 00 00 00 00 00 .N.G.... ..... [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 18 of length 45 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1152 smt_wct=3 smb_vwv[ 0]=29669 (0x73E5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e5 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e5 (pipes_open=1) [2006/11/08 09:30:50, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:73e5 [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name 
wkssvc pnum=73e5 (pipes_open=0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1152 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 19 of length 104 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=1216 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/11/08 09:30:50, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \srvsvc. [2006/11/08 09:30:50, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe srvsvc opening. [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested srvsvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe srvsvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe srvsvc with handle 73e6 (pipes_open=1) [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name srvsvc pnum=73e6 [2006/11/08 09:30:50, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \srvsvc [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=1216 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=58880 (0xE600) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 
0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 20 of length 140 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1280 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29670 (0x73E6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e6 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e6 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e6 name: srvsvc open: Yes len: 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 4b324fc8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1670 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 01d3 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 12 78 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 5a 47 bf 6e e1 88 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000003 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\ntsvcs. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=73e6 nwritten=72 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1280 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 21 of length 63 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29670 (0x73E6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e6 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e6 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) 
read_from_pipe: 73e6 name: srvsvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73e6 min=1024 max=1024 nread=68 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 168 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xa8 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 22 of length 172 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=1408 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 84 (0x54) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 84 (0x54) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29670 (0x73E6) smb_bcc=101 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 54 00 00 00 01 00 00 ........ .T...... [020] 00 3C 00 00 00 00 00 0F 00 84 90 03 00 08 00 00 .<...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 63 00 6F ........ .\.\.c.o [040] 00 64 00 6F 00 6E 00 00 00 01 00 00 00 01 00 00 .d.o.n.. ........ [050] 00 DC E7 F1 00 00 00 00 00 00 00 00 00 FF FF FF ........ ........ [060] FF 00 00 00 00 ..... 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=84 params=0 setup=2 [2006/11/08 09:30:50, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:50, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:50, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e6 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e6 (pipes_open=1) [2006/11/08 09:30:50, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "srvsvc" (pnum 73e6) [2006/11/08 09:30:50, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e6 name: srvsvc open: Yes len: 84 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 84 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 84 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 84, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 68 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 68 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0054 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 68 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 68, incoming data = 68 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000003c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 000f 
[2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: srvsvc op 0xf - api_rpcTNP: rpc command: SRV_NET_SHARE_ENUM_ALL [2006/11/08 09:30:50, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[3].fn == 0x800f74c0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_q_net_share_enum [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_srv_name: 00039084 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.c.o.d.o.n... 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 srv_io_srv_share_ctr share_ctr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 info_level: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 switch_value: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 ptr_share_info: 00f1e7dc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c num_entries: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 ptr_entries: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 preferred_len: ffffffff [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_enum_hnd enum_hnd [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 ptr_hnd: 00000000 [2006/11/08 09:30:50, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_share_enum_all(1253) _srv_net_share_enum: 1253 [2006/11/08 09:30:50, 5] rpc_server/srv_srvsvc_nt.c:init_srv_r_net_share_enum(558) init_srv_r_net_share_enum: 558 [2006/11/08 09:30:50, 5] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(325) init_srv_share_info_ctr [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(1061, 513) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (1061, 513) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: IPC$ 3 IPC Service () [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) 
init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: HPLJ2420-4 1 HP LaserJet 2420 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: HPLJ1320-2 1 HP LaserJet 1320 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: HPLJ1320-1 1 HP LaserJet 1320 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: LEOP630-1 1 Lexmark Optra T630 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: HPLJ2200-1 1 HP LaserJet 2200 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: XEPH6200-1 1 Xerox Phaser 6200n [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: print$ 0 Printer Drivers [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: MetaSystems 0 Zytogenetik MetaSystems [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: MetaSetupBAK 0 Zytogenetik MetaSystems MetaSetup BackUp 
[2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: MetaSetup 0 Zytogenetik MetaSystems MetaSetup [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: Msd 0 Zytogenetik MetaSystems Daten [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: Abteilungen 0 Abteilungsverzeichnisse [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: Programs 0 Netzwerkinstallationen und Netzwerkprogramme [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: IT 0 IT-Abteilung [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: Netlogon 0 Anmeldescripte [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1(142) init_srv_share_info1: muehlfeld 0 Persoenliches Verzeichnis [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_share_info1_str(101) init_srv_share_info1_str [2006/11/08 09:30:50, 5] rpc_parse/parse_misc.c:init_enum_hnd(159) smb_io_enum_hnd [2006/11/08 09:30:50, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_share_enum_all(1265) _srv_net_share_enum: 1265 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 
srv_io_r_net_share_enum [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_srv_share_ctr share_ctr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 info_level: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 switch_value: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 ptr_share_info: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c num_entries: 00000011 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 ptr_entries: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 num_entries2: 00000011 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c type : 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 type : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 type : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00003c srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 type : 00000001 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000048 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c type : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000054 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 type : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000060 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 type : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0068 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00006c srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 type : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000078 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c type : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0080 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000084 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0084 
ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 type : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000090 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0090 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0094 type : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0098 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00009c srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 009c ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 type : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a4 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000a8 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a8 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac type : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000b4 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b4 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b8 type : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000c0 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 type : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] 
rpc_parse/parse_prs.c:prs_debug(84) 0000cc srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d0 type : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d4 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000d8 srv_io_share_info1 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d8 ptr_netname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc type : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e0 ptr_remark : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e4 uni_max_len: 00000005 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e8 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ec uni_str_len: 00000005 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00f0 buffer : I.P.C.$... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0000fc smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc uni_max_len: 0000000f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0104 uni_str_len: 0000000f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0108 buffer : I.P.C. .S.e.r.v.i.c.e. .(.)... 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000126 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000128 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0128 uni_max_len: 0000000b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 012c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0130 uni_str_len: 0000000b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0134 buffer : H.P.L.J.2.4.2.0.-.4... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 00014c smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 014c uni_max_len: 00000011 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0150 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0154 uni_str_len: 00000011 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0158 buffer : H.P. .L.a.s.e.r.J.e.t. .2.4.2.0... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00017a srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 00017c smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 017c uni_max_len: 0000000b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0180 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0184 uni_str_len: 0000000b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0188 buffer : H.P.L.J.1.3.2.0.-.2... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0001a0 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01a0 uni_max_len: 00000011 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01a4 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01a8 uni_str_len: 00000011 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 01ac buffer : H.P. 
.L.a.s.e.r.J.e.t. .1.3.2.0... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0001ce srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0001d0 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01d0 uni_max_len: 0000000b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01d4 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01d8 uni_str_len: 0000000b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 01dc buffer : H.P.L.J.1.3.2.0.-.1... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0001f4 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01f4 uni_max_len: 00000011 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01f8 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 01fc uni_str_len: 00000011 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0200 buffer : H.P. .L.a.s.e.r.J.e.t. .1.3.2.0... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000222 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000224 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0224 uni_max_len: 0000000a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0228 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 022c uni_str_len: 0000000a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0230 buffer : L.E.O.P.6.3.0.-.1... 
[2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000244 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0244 uni_max_len: 00000013 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0248 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 024c uni_str_len: 00000013 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0250 buffer : L.e.x.m.a.r.k. .O.p.t.r.a. .T.6.3.0... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000276 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000278 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0278 uni_max_len: 0000000b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 027c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0280 uni_str_len: 0000000b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0284 buffer : H.P.L.J.2.2.0.0.-.1... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 00029c smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 029c uni_max_len: 00000011 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02a0 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02a4 uni_str_len: 00000011 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 02a8 buffer : H.P. .L.a.s.e.r.J.e.t. .2.2.0.0... 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0002ca srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0002cc smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02cc uni_max_len: 0000000b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02d0 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02d4 uni_str_len: 0000000b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 02d8 buffer : X.E.P.H.6.2.0.0.-.1... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0002f0 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02f0 uni_max_len: 00000013 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02f4 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02f8 uni_str_len: 00000013 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 02fc buffer : X.e.r.o.x. .P.h.a.s.e.r. .6.2.0.0.n... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000322 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000324 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0324 uni_max_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0328 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 032c uni_str_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0330 buffer : p.r.i.n.t.$... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000340 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0340 uni_max_len: 00000010 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0344 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0348 uni_str_len: 00000010 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 034c buffer : P.r.i.n.t.e.r. 
.D.r.i.v.e.r.s... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00036c srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 00036c smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 036c uni_max_len: 0000000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0370 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0374 uni_str_len: 0000000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0378 buffer : M.e.t.a.S.y.s.t.e.m.s... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000390 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0390 uni_max_len: 00000018 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0394 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0398 uni_str_len: 00000018 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 039c buffer : Z.y.t.o.g.e.n.e.t.i.k. .M.e.t.a.S.y.s.t.e.m.s... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0003cc srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0003cc smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 03cc uni_max_len: 0000000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 03d0 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 03d4 uni_str_len: 0000000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 03d8 buffer : M.e.t.a.S.e.t.u.p.B.A.K... 
[2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0003f4 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 03f4 uni_max_len: 00000029 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 03f8 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 03fc uni_str_len: 00000029 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0400 buffer : Z.y.t.o.g.e.n.e.t.i.k. .M.e.t.a.S.y.s.t.e.m.s. .M.e.t.a.S.e.t.u.p. .B.a.c.k.U.p... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000452 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000454 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0454 uni_max_len: 0000000a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0458 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 045c uni_str_len: 0000000a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0460 buffer : M.e.t.a.S.e.t.u.p... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000474 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0474 uni_max_len: 00000022 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0478 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 047c uni_str_len: 00000022 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0480 buffer : Z.y.t.o.g.e.n.e.t.i.k. .M.e.t.a.S.y.s.t.e.m.s. .M.e.t.a.S.e.t.u.p... 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 0004c4 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0004c4 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 04c4 uni_max_len: 00000004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 04c8 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 04cc uni_str_len: 00000004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 04d0 buffer : M.s.d... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0004d8 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 04d8 uni_max_len: 0000001e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 04dc offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 04e0 uni_str_len: 0000001e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 04e4 buffer : Z.y.t.o.g.e.n.e.t.i.k. .M.e.t.a.S.y.s.t.e.m.s. .D.a.t.e.n... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000520 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000520 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0520 uni_max_len: 0000000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0524 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0528 uni_str_len: 0000000c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 052c buffer : A.b.t.e.i.l.u.n.g.e.n... 
[2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000544 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0544 uni_max_len: 00000018 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0548 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 054c uni_str_len: 00000018 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0550 buffer : A.b.t.e.i.l.u.n.g.s.v.e.r.z.e.i.c.h.n.i.s.s.e... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000580 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000580 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0580 uni_max_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0584 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0588 uni_str_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 058c buffer : P.r.o.g.r.a.m.s... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0005a0 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 05a0 uni_max_len: 0000002d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 05a4 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 05a8 uni_str_len: 0000002d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 05ac buffer : N.e.t.z.w.e.r.k.i.n.s.t.a.l.l.a.t.i.o.n.e.n. .u.n.d. .N.e.t.z.w.e.r.k.p.r.o.g.r.a.m.m.e... 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000606 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000608 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0608 uni_max_len: 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 060c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0610 uni_str_len: 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0614 buffer : I.T... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 00061c smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 061c uni_max_len: 0000000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0620 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0624 uni_str_len: 0000000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0628 buffer : I.T.-.A.b.t.e.i.l.u.n.g... [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000642 srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000644 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0644 uni_max_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0648 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 064c uni_str_len: 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0650 buffer : N.e.t.l.o.g.o.n... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000664 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0664 uni_max_len: 0000000f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0668 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 066c uni_str_len: 0000000f [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0670 buffer : A.n.m.e.l.d.e.s.c.r.i.p.t.e... 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00068e srv_io_share_info1_str [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000690 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0690 uni_max_len: 0000000a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0694 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0698 uni_str_len: 0000000a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 069c buffer : m.u.e.h.l.f.e.l.d... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 0006b0 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 06b0 uni_max_len: 0000001a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 06b4 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 06b8 uni_str_len: 0000001a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 06bc buffer : P.e.r.s.o.e.n.l.i.c.h.e.s. .V.e.r.z.e.i.c.h.n.i.s... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 06f0 total_entries: 00000011 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 0006f4 smb_io_enum_hnd enum_hnd [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 06f4 ptr_hnd: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_werror(824) 06f8 status: WERR_OK [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called srvsvc successfully [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 1928 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 68 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73e6 name: srvsvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 1788. [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0714 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 000006fc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] smbd/ipc.c:send_trans_reply(89) send_trans_reply: buffer 1024 too large [2006/11/08 09:30:50, 3] smbd/error.c:error_packet(146) error packet at smbd/ipc.c(97) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2006/11/08 09:30:50, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..1024] [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=1408 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215)
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 23 of length 63 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1472 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29670 (0x73E6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 788 (0x314) smb_vwv[ 6]= 788 (0x314) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 788 (0x314) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e6 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e6 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73e6 name: srvsvc len: 788 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: srvsvc: current_pdu_len = 1812, current_pdu_sent = 1024 returning 788 bytes.
[2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73e6 min=788 max=788 nread=788 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=847 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1472 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 788 (0x314) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=788 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215)
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 24 of length 45 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1536 smt_wct=3 smb_vwv[ 0]=29670 (0x73E6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e6 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e6 (pipes_open=1) [2006/11/08 09:30:50, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:73e6 [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name srvsvc pnum=73e6 (pipes_open=0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1536 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 102 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of 
len 0x66 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 25 of length 106 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1456 smb_uid=101 smb_mid=1600 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [010] 00 00 00 ... [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/11/08 09:30:50, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \spoolss. [2006/11/08 09:30:50, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe spoolss opening. 
[2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested spoolss (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested spoolss [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe spoolss [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe spoolss [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe spoolss (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe spoolss with handle 73e7 (pipes_open=1) [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name spoolss pnum=73e7 [2006/11/08 09:30:50, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \spoolss [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1456 smb_uid=101 smb_mid=1600 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=59136 (0xE700) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 10] 
smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 26 of length 140 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1664 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29671 (0x73E7) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e7 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=73e7 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e7 name: spoolss open: Yes len: 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345678 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 89 ab [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\spoolss [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\winreg [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\spoolss [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000e [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\spoolss. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=73e7 nwritten=72 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1664 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 27 of length 63 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1728 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29671 (0x73E7) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e7 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=73e7 (pipes_open=1) [2006/11/08 09:30:50, 6] 
rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73e7 name: spoolss len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73e7 min=1024 max=1024 nread=68 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1728 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 73 70 6F 6F 6C 73 73 00 01 00 00 00 00 00 00 00 spoolss. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 256 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x100 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 28 of length 260 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=256 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1456 smb_uid=101 smb_mid=1792 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 172 (0xAC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 172 (0xAC) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29671 (0x73E7) smb_bcc=189 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215)
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=172 params=0 setup=2 [2006/11/08 09:30:50, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:50, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:50, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e7 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=73e7 (pipes_open=1) [2006/11/08 09:30:50, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "spoolss" (pnum 73e7) [2006/11/08 09:30:50, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803875e0 max_trans_reply: 1024 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e7 name: spoolss open: Yes len: 172 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 172 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 172 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 172, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 156 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 156 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 00ac [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 156 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 156, incoming data = 156 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000094 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 
opnum : 0045 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 72 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\spoolss [2006/11/08 09:30:50, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2006/11/08 09:30:50, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[1].fn == 0x800fdb71 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_q_open_printer_ex [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 00e06800 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 printername [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.c.o.d.o.n... 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 spoolss_io_printer_default [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 datatype_ptr: 00000000 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 - NULL datatype [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 spoolss_io_devmode_cont [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 size: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 devmode_ptr: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c access_required: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 user_switch: 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 spool_io_user_level [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 level: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 ptr: 0095f548 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00003c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c size: 0000001c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 ptr: 00a2c030 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 ptr: 0095f5a4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 build: 00000a28 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c major: 00000003 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 minor: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 processor: 00000000 [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 uni_str_len: 00000008 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0064 buffer : \.\.I.T.-.0.1... [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000074 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 uni_max_len: 0000000a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c uni_str_len: 0000000a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0080 buffer : m.u.e.h.l.f.e.l.d... checking name: \\codon [2006/11/08 09:30:50, 10] rpc_server/srv_spoolss_nt.c:open_printer_hnd(567) open_printer_hnd: name [\\codon] [2006/11/08 09:30:50, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 95 51 45 ........ ......QE [010] 59 1E 00 00 Y... [2006/11/08 09:30:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(408) Setting printer type=\\codon Printer is a print server [2006/11/08 09:30:50, 4] rpc_server/srv_spoolss_nt.c:set_printer_hnd_name(447) Setting printer name=\\codon (len=7) [2006/11/08 09:30:50, 5] rpc_server/srv_spoolss_nt.c:open_printer_hnd(602) 1 printer handles active [2006/11/08 09:30:50, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 95 51 45 ........ ......QE [010] 59 1E 00 00 Y... 
[2006/11/08 09:30:50, 4] rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1624) Setting print server access = SERVER_ACCESS_ENUMERATE [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_r_open_printer_ex [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: ba 95 51 45 59 1e 00 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status code: WERR_OK [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called spoolss successfully [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 128 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 156 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73e7 name: spoolss len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1456 smb_uid=101 smb_mid=1792 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 BA 95 51 45 59 1E 00 00 00 00 00 .......Q EY...... [030] 00 . [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 29 of length 132 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1456 smb_uid=101 smb_mid=1856 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29671 (0x73E7) smb_bcc=61 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 02 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 BA 95 51 45 59 1E 00 00 .......Q EY... 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/11/08 09:30:50, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:50, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:50, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e7 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=73e7 (pipes_open=1) [2006/11/08 09:30:50, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "spoolss" (pnum 73e7) [2006/11/08 09:30:50, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803875e0 max_trans_reply: 1024 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e7 name: spoolss open: Yes len: 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 001d 
[2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\spoolss [2006/11/08 09:30:50, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2006/11/08 09:30:50, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[3].fn == 0x800fdfd0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_q_closeprinter [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: ba 95 51 45 59 1e 00 00 [2006/11/08 09:30:50, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 95 51 45 ........ ......QE [010] 59 1E 00 00 Y... [2006/11/08 09:30:50, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 95 51 45 ........ ......QE [010] 59 1E 00 00 Y... [2006/11/08 09:30:50, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 95 51 45 ........ ......QE [010] 59 1E 00 00 Y... 
[2006/11/08 09:30:50, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 spoolss_io_r_closeprinter [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd printer handle [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called spoolss successfully [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73e7 name: spoolss len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1456 smb_uid=101 smb_mid=1856 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 30 of length 45 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1920 smt_wct=3 smb_vwv[ 0]=29671 (0x73E7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e7 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name spoolss pnum=73e7 (pipes_open=1) [2006/11/08 09:30:50, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:73e7 [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe spoolss [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name spoolss pnum=73e7 (pipes_open=0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1920 
smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 31 of length 104 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=1984 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [010] 00 . [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/11/08 09:30:50, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \wkssvc. [2006/11/08 09:30:50, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe wkssvc opening. 
[2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested wkssvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe wkssvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe wkssvc with handle 73e8 (pipes_open=1) [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name wkssvc pnum=73e8 [2006/11/08 09:30:50, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \wkssvc [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=1984 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=59392 (0xE800) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 10] 
smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 32 of length 140 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2048 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29672 (0x73E8) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e8 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e8 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e8 name: wkssvc open: Yes len: 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 6bffd098 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : a112 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 3610 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 98 33 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 46 c3 f8 7e 34 5a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\wkssvc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\ntsvcs. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=73e8 nwritten=72 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2048 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 33 of length 63 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29672 (0x73E8) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e8 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e8 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) 
read_from_pipe: 73e8 name: wkssvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73e8 min=1024 max=1024 nread=68 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x90 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 34 of length 148 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2176 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29672 (0x73E8) smb_bcc=77 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 00 00 00 E5 F1 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 63 00 6F ........ .\.\.c.o [040] 00 64 00 6F 00 6E 00 00 00 64 00 00 00 .d.o.n.. .d... 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=60 params=0 setup=2 [2006/11/08 09:30:50, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:50, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:50, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e8 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e8 (pipes_open=1) [2006/11/08 09:30:50, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "wkssvc" (pnum 73e8) [2006/11/08 09:30:50, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e8 name: wkssvc open: Yes len: 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 003c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 
[2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKS_Q_QUERY_INFO [2006/11/08 09:30:50, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x800ec7b4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 wks_io_q_query_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_srv_name: 00f1e500 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.c.o.d.o.n... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0020 switch_value: 0064 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:_wks_query_info(66) _wks_query_info: 66 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:create_wks_info_100(40) create_wks_info_100: 40 [2006/11/08 09:30:50, 5] rpc_parse/parse_wks.c:init_wks_info_100(79) Init WKS_INFO_100: 79 [2006/11/08 09:30:50, 5] rpc_parse/parse_wks.c:init_wks_r_query_info(139) init_wks_r_unknown_0: 139 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:_wks_query_info(76) _wks_query_info: 76 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 wks_io_r_query_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 switch_value: 0064 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_1 : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 wks_io_wks_info_100 inf [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 platform_id : 000001f4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr_compname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 ptr_lan_grp : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ver_major : 00000004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ver_minor : 00000009 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : C.O.D.O.N... 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 uni_max_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c uni_str_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0040 buffer : P.A.S.I.N.G... [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0050 status : NT_STATUS_OK [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called wkssvc successfully [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 94 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 44 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73e8 name: wkssvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 006c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000054 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..108] [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2176 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 108 (0x6C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=109 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 01 00 00 ........ .l...... [010] 00 54 00 00 00 00 00 00 00 64 00 00 00 01 00 00 .T...... .d...... [020] 00 F4 01 00 00 01 00 00 00 01 00 00 00 04 00 00 ........ ........ [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [040] 00 43 00 4F 00 44 00 4F 00 4E 00 00 00 07 00 00 .C.O.D.O .N...... [050] 00 00 00 00 00 07 00 00 00 50 00 41 00 53 00 49 ........ .P.A.S.I [060] 00 4E 00 47 00 00 00 00 00 00 00 00 00 .N.G.... ..... [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 35 of length 45 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2240 smt_wct=3 smb_vwv[ 0]=29672 (0x73E8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e8 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73e8 (pipes_open=1) [2006/11/08 09:30:50, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:73e8 [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name 
wkssvc pnum=73e8 (pipes_open=0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2240 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 36 of length 104 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2304 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/11/08 09:30:50, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \srvsvc. [2006/11/08 09:30:50, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe srvsvc opening. [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested srvsvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe srvsvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe srvsvc with handle 73e9 (pipes_open=1) [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name srvsvc pnum=73e9 [2006/11/08 09:30:50, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \srvsvc [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2304 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=59648 (0xE900) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 
0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 37 of length 140 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2368 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29673 (0x73E9) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e9 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e9 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e9 name: srvsvc open: Yes len: 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 4b324fc8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1670 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 01d3 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 12 78 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 5a 47 bf 6e e1 88 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000003 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\ntsvcs. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=73e9 nwritten=72 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2368 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 38 of length 63 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29673 (0x73E9) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e9 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e9 (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) 
read_from_pipe: 73e9 name: srvsvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73e9 min=1024 max=1024 nread=68 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x90 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 39 of length 148 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2496 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29673 (0x73E9) smb_bcc=77 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 15 00 00 E5 F1 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 63 00 6F ........ .\.\.c.o [040] 00 64 00 6F 00 6E 00 00 00 65 00 00 00 .d.o.n.. .e... 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=60 params=0 setup=2 [2006/11/08 09:30:50, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:50, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:50, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e9 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e9 (pipes_open=1) [2006/11/08 09:30:50, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "srvsvc" (pnum 73e9) [2006/11/08 09:30:50, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73e9 name: srvsvc open: Yes len: 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 003c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0015 
[2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO [2006/11/08 09:30:50, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[11].fn == 0x800f7034 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_q_net_srv_get_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_srv_name : 00f1e500 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.c.o.d.o.n... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 switch_value : 00000065 [2006/11/08 09:30:50, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1045) srv_net_srv_get_info: 1045 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_info_101(2809) init_srv_info_101 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_r_net_srv_get_info(3044) init_srv_r_net_srv_get_info [2006/11/08 09:30:50, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1090) srv_net_srv_get_info: 1090 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_r_net_srv_get_info [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_info_ctr ctr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 switch_value: 00000065 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_srv_ctr : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 srv_io_info_101 sv101 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 platform_id : 000001f4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr_name : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 ver_major : 00000004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ver_minor : 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 srv_type : 00809a2b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c ptr_comment : 00000001 [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 uni_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 002c buffer : C.O.D.O.N... 
[2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_unistr2 uni_comment [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 uni_max_len: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 uni_str_len: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0044 buffer : .. [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_werror(824) 0048 status: WERR_OK [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called srvsvc successfully [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 138 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 44 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73e9 name: srvsvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0064 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000004c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..100] [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2496 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=101 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 65 00 00 00 01 00 00 .L...... .e...... [020] 00 F4 01 00 00 01 00 00 00 04 00 00 00 09 00 00 ........ ........ [030] 00 2B 9A 80 00 01 00 00 00 06 00 00 00 00 00 00 .+...... ........ [040] 00 06 00 00 00 43 00 4F 00 44 00 4F 00 4E 00 00 .....C.O .D.O.N.. [050] 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 ..... [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 40 of length 45 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2560 smt_wct=3 smb_vwv[ 0]=29673 (0x73E9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73e9 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73e9 (pipes_open=1) [2006/11/08 09:30:50, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:73e9 [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name srvsvc pnum=73e9 (pipes_open=0) 
[2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2560 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 41 of length 104 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2624 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [010] 00 . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/11/08 09:30:50, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \wkssvc. [2006/11/08 09:30:50, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe wkssvc opening. [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested wkssvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe wkssvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe wkssvc with handle 73ea (pipes_open=1) [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name wkssvc pnum=73ea [2006/11/08 09:30:50, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \wkssvc [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2624 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=59904 (0xEA00) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 
0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 42 of length 140 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2688 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29674 (0x73EA) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73ea [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73ea (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73ea name: wkssvc open: Yes len: 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 6bffd098 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : a112 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 3610 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 98 33 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 46 c3 f8 7e 34 5a [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\wkssvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\wkssvc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\ntsvcs. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=73ea nwritten=72 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2688 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 43 of length 63 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2752 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29674 (0x73EA) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73ea [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73ea (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) 
read_from_pipe: 73ea name: wkssvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73ea min=1024 max=1024 nread=68 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2752 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x90 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 44 of length 148 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2816 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29674 (0x73EA) smb_bcc=77 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 00 00 00 E5 F1 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 63 00 6F ........ .\.\.c.o [040] 00 64 00 6F 00 6E 00 00 00 64 00 00 00 .d.o.n.. .d... 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=60 params=0 setup=2 [2006/11/08 09:30:50, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:50, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:50, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73ea [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73ea (pipes_open=1) [2006/11/08 09:30:50, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "wkssvc" (pnum 73ea) [2006/11/08 09:30:50, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73ea name: wkssvc open: Yes len: 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 003c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 
[2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKS_Q_QUERY_INFO [2006/11/08 09:30:50, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x800ec7b4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 wks_io_q_query_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_srv_name: 00f1e500 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.c.o.d.o.n... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0020 switch_value: 0064 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:_wks_query_info(66) _wks_query_info: 66 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:create_wks_info_100(40) create_wks_info_100: 40 [2006/11/08 09:30:50, 5] rpc_parse/parse_wks.c:init_wks_info_100(79) Init WKS_INFO_100: 79 [2006/11/08 09:30:50, 5] rpc_parse/parse_wks.c:init_wks_r_query_info(139) init_wks_r_unknown_0: 139 [2006/11/08 09:30:50, 5] rpc_server/srv_wkssvc_nt.c:_wks_query_info(76) _wks_query_info: 76 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 wks_io_r_query_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 switch_value: 0064 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_1 : 00000001 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 wks_io_wks_info_100 inf [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 platform_id : 000001f4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr_compname: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 ptr_lan_grp : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ver_major : 00000004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ver_minor : 00000009 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : C.O.D.O.N... 
[2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 uni_max_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c uni_str_len: 00000007 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0040 buffer : P.A.S.I.N.G... [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0050 status : NT_STATUS_OK [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called wkssvc successfully [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 94 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 44 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73ea name: wkssvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 006c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000054 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..108] [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2816 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 108 (0x6C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=109 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 01 00 00 ........ .l...... [010] 00 54 00 00 00 00 00 00 00 64 00 00 00 01 00 00 .T...... .d...... [020] 00 F4 01 00 00 01 00 00 00 01 00 00 00 04 00 00 ........ ........ [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [040] 00 43 00 4F 00 44 00 4F 00 4E 00 00 00 07 00 00 .C.O.D.O .N...... [050] 00 00 00 00 00 07 00 00 00 50 00 41 00 53 00 49 ........ .P.A.S.I [060] 00 4E 00 47 00 00 00 00 00 00 00 00 00 .N.G.... ..... [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 45 of length 45 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2880 smt_wct=3 smb_vwv[ 0]=29674 (0x73EA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73ea [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name wkssvc pnum=73ea (pipes_open=1) [2006/11/08 09:30:50, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:73ea [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe wkssvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name 
wkssvc pnum=73ea (pipes_open=0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2880 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 46 of length 104 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2944 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/11/08 09:30:50, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \srvsvc. [2006/11/08 09:30:50, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe srvsvc opening. [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested srvsvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe srvsvc (pipes_open=0) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe srvsvc with handle 73eb (pipes_open=1) [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name srvsvc pnum=73eb [2006/11/08 09:30:50, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \srvsvc [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=2944 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=60160 (0xEB00) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 
0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 47 of length 140 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3008 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29675 (0x73EB) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73eb [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73eb (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73eb name: srvsvc open: Yes len: 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 4b324fc8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1670 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 01d3 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 12 78 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 5a 47 bf 6e e1 88 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000003 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/11/08 09:30:50, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\srvsvc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/11/08 09:30:50, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\ntsvcs. 
[2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=73eb nwritten=72 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3008 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 48 of length 63 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3072 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29675 (0x73EB) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73eb [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73eb (pipes_open=1) [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) 
read_from_pipe: 73eb name: srvsvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/11/08 09:30:50, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73eb min=1024 max=1024 nread=68 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3072 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x90 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 49 of length 148 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=3136 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29675 (0x73EB) smb_bcc=77 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 15 00 00 E5 F1 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 63 00 6F ........ .\.\.c.o [040] 00 64 00 6F 00 6E 00 00 00 65 00 00 00 .d.o.n.. .e... 
[2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:50, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=60 params=0 setup=2 [2006/11/08 09:30:50, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:50, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:50, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73eb [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73eb (pipes_open=1) [2006/11/08 09:30:50, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "srvsvc" (pnum 73eb) [2006/11/08 09:30:50, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73eb name: srvsvc open: Yes len: 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 003c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000024 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0015 
[2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO [2006/11/08 09:30:50, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[11].fn == 0x800f7034 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_q_net_srv_get_info [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_srv_name : 00f1e500 [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000008 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.c.o.d.o.n... 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 switch_value : 00000065 [2006/11/08 09:30:50, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1045) srv_net_srv_get_info: 1045 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_info_101(2809) init_srv_info_101 [2006/11/08 09:30:50, 5] rpc_parse/parse_srv.c:init_srv_r_net_srv_get_info(3044) init_srv_r_net_srv_get_info [2006/11/08 09:30:50, 5] rpc_server/srv_srvsvc_nt.c:_srv_net_srv_get_info(1090) srv_net_srv_get_info: 1090 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_r_net_srv_get_info [2006/11/08 09:30:50, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 srv_io_info_ctr ctr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 switch_value: 00000065 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_srv_ctr : 00000001 [2006/11/08 09:30:50, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 srv_io_info_101 sv101 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 platform_id : 000001f4 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr_name : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 ver_major : 00000004 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ver_minor : 00000009 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 srv_type : 00809a2b [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c ptr_comment : 00000001 [2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 uni_name [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 uni_max_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 uni_str_len: 00000006 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 002c buffer : C.O.D.O.N... 
[2006/11/08 09:30:50, 8] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_unistr2 uni_comment [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 uni_max_len: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c offset : 00000000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 uni_str_len: 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0044 buffer : .. [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_werror(824) 0048 status: WERR_OK [2006/11/08 09:30:50, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called srvsvc successfully [2006/11/08 09:30:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 138 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 44 [2006/11/08 09:30:50, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73eb name: srvsvc len: 1024 [2006/11/08 09:30:50, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. 
[2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0064 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000004c [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:50, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:50, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..100] [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=3136 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=101 [2006/11/08 09:30:50, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 65 00 00 00 01 00 00 .L...... .e...... [020] 00 F4 01 00 00 01 00 00 00 04 00 00 00 09 00 00 ........ ........ [030] 00 2B 9A 80 00 01 00 00 00 06 00 00 00 00 00 00 .+...... ........ [040] 00 06 00 00 00 43 00 4F 00 44 00 4F 00 4E 00 00 .....C.O .D.O.N.. [050] 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 ..... [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:50, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:50, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:50, 3] smbd/process.c:process_smb(1110) Transaction 50 of length 45 [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3200 smt_wct=3 smb_vwv[ 0]=29675 (0x73EB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:50, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7769) conn 0x80382568 [2006/11/08 09:30:50, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1061, 513) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user 
S-1-5-21-1362721961-1801182073-732966438-3122 contains 19 SIDs SID[ 0]: S-1-5-21-1362721961-1801182073-732966438-3122 SID[ 1]: S-1-5-21-1362721961-1801182073-732966438-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1362721961-1801182073-732966438-1185 SID[ 6]: S-1-5-21-1362721961-1801182073-732966438-1405 SID[ 7]: S-1-5-21-1362721961-1801182073-732966438-1413 SID[ 8]: S-1-5-21-1362721961-1801182073-732966438-1421 SID[ 9]: S-1-5-21-1362721961-1801182073-732966438-1423 SID[ 10]: S-1-5-21-1362721961-1801182073-732966438-1425 SID[ 11]: S-1-5-21-1362721961-1801182073-732966438-1439 SID[ 12]: S-1-5-21-1362721961-1801182073-732966438-1443 SID[ 13]: S-1-5-21-1362721961-1801182073-732966438-3021 SID[ 14]: S-1-5-21-1362721961-1801182073-732966438-3047 SID[ 15]: S-1-5-21-1362721961-1801182073-732966438-3055 SID[ 16]: S-1-5-21-1362721961-1801182073-732966438-3063 SID[ 17]: S-1-5-21-1362721961-1801182073-732966438-3065 SID[ 18]: S-1-5-21-1362721961-1801182073-732966438-3085 SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 09:30:50, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 1061 Primary group is 513 and contains 0 supplementary groups [2006/11/08 09:30:50, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(1061,1061) gid=(0,513) [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73eb [2006/11/08 09:30:50, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name srvsvc pnum=73eb (pipes_open=1) [2006/11/08 09:30:50, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:73eb [2006/11/08 09:30:50, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe srvsvc [2006/11/08 09:30:50, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name srvsvc pnum=73eb (pipes_open=0) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:50, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 
smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3200 smt_wct=0 smb_bcc=0 [2006/11/08 09:30:50, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/11/08 09:30:51, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2006/11/08 09:30:51, 3] smbd/process.c:process_smb(1110) Transaction 51 of length 104 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=3264 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . [2006/11/08 09:30:51, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7769) conn 0x80382568 [2006/11/08 09:30:51, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:51, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/11/08 09:30:51, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \winreg. 
[2006/11/08 09:30:51, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe winreg opening. [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested winreg (pipes_open=0) [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested winreg [2006/11/08 09:30:51, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe winreg [2006/11/08 09:30:51, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe winreg [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe winreg (pipes_open=0) [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe winreg with handle 73ec (pipes_open=1) [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name winreg pnum=73ec [2006/11/08 09:30:51, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \winreg [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=3264 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=60416 (0xEC00) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) 
smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 09:30:51, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/11/08 09:30:51, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2006/11/08 09:30:51, 3] smbd/process.c:process_smb(1110) Transaction 52 of length 140 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3328 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29676 (0x73EC) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/11/08 09:30:51, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7769) conn 0x80382568 [2006/11/08 09:30:51, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73ec [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=73ec (pipes_open=1) [2006/11/08 09:30:51, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73ec name: winreg open: Yes len: 72 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:51, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/11/08 09:30:51, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2006/11/08 09:30:51, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/11/08 09:30:51, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 338cd001 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 2244 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 31f1 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : aa aa [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 90 00 38 00 10 03 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/11/08 09:30:51, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/11/08 
09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/11/08 09:30:51, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2006/11/08 09:30:51, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\winreg [2006/11/08 09:30:51, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:51, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2006/11/08 09:30:51, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2006/11/08 09:30:51, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2006/11/08 09:30:51, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2006/11/08 09:30:51, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\wkssvc [2006/11/08 09:30:51, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\winreg [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\winreg. 
[2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/11/08 09:30:51, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/11/08 09:30:51, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=73ec nwritten=72 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3328 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:51, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/11/08 09:30:51, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2006/11/08 09:30:51, 3] smbd/process.c:process_smb(1110) Transaction 53 of length 63 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3392 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29676 (0x73EC) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/11/08 09:30:51, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7769) conn 0x80382568 [2006/11/08 09:30:51, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73ec [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=73ec (pipes_open=1) [2006/11/08 09:30:51, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) 
read_from_pipe: 73ec name: winreg len: 1024 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/11/08 09:30:51, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=73ec min=1024 max=1024 nread=68 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3392 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/11/08 09:30:51, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 120 [2006/11/08 09:30:51, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x78 [2006/11/08 09:30:51, 3] smbd/process.c:process_smb(1110) Transaction 54 of length 124 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=3456 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29676 (0x73EC) smb_bcc=53 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 38 E8 F1 00 A0 99 01 ........ .8...... [030] 00 00 00 00 02 ..... 
[2006/11/08 09:30:51, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:51, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:51, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=36 params=0 setup=2 [2006/11/08 09:30:51, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:51, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:51, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73ec [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=73ec (pipes_open=1) [2006/11/08 09:30:51, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 73ec) [2006/11/08 09:30:51, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:51, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73ec name: winreg open: Yes len: 36 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 36 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000000c [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0002 
[2006/11/08 09:30:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 71 [2006/11/08 09:30:51, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2006/11/08 09:30:51, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2006/11/08 09:30:51, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[3].fn == 0x800e506f [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_hive [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 00f1e838 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 server: 99a0 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 access: 02000000 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(1061, 513) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:51, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (1061, 513) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 10] registry/reg_db.c:regdb_open(265) regdb_open: refcount reset (1) [2006/11/08 09:30:51, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM] [2006/11/08 09:30:51, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM] [2006/11/08 09:30:51, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM] [2006/11/08 09:30:51, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/11/08 09:30:51, 10] lib/util_seaccess.c:se_access_check(233) 
se_access_check: requested access 0x02000000, for NT token with 19 entries and first sid S-1-5-21-1362721961-1801182073-732966438-3122. [2006/11/08 09:30:51, 3] lib/util_seaccess.c:se_access_check(250) [2006/11/08 09:30:51, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1362721961-1801182073-732966438-3122 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1185 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1405 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1413 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1421 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1423 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1425 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1439 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1443 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3021 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3047 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3055 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3063 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3065 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3085 [2006/11/08 09:30:51, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BB 95 51 45 ........ ......QE [010] 59 1E 00 00 Y... 
[2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_hive [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: bb 95 51 45 59 1e 00 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/11/08 09:30:51, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2006/11/08 09:30:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 510 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 20 [2006/11/08 09:30:51, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73ec name: winreg len: 1024 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:51, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=3456 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 BB 95 51 45 59 1E 00 00 00 00 00 .......Q EY...... [030] 00 . [2006/11/08 09:30:51, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 228 [2006/11/08 09:30:51, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xe4 [2006/11/08 09:30:51, 3] smbd/process.c:process_smb(1110) Transaction 55 of length 232 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=228 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=3520 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 144 (0x90) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29676 (0x73EC) smb_bcc=161 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 90 00 00 00 02 00 00 ........ ........ [020] 00 78 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 .x...... ........ [030] 00 00 00 00 00 BB 95 51 45 59 1E 00 00 46 00 46 .......Q EY...F.F [040] 00 10 15 54 73 23 00 00 00 00 00 00 00 23 00 00 ...Ts#.. .....#.. 
[050] 00 53 00 4F 00 46 00 54 00 57 00 41 00 52 00 45 .S.O.F.T .W.A.R.E [060] 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F .\.M.i.c .r.o.s.o [070] 00 66 00 74 00 5C 00 53 00 63 00 68 00 65 00 64 .f.t.\.S .c.h.e.d [080] 00 75 00 6C 00 69 00 6E 00 67 00 41 00 67 00 65 .u.l.i.n .g.A.g.e [090] 00 6E 00 74 00 00 00 00 00 00 00 00 00 19 00 02 .n.t.... ........ [0A0] 00 . [2006/11/08 09:30:51, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:51, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:51, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=144 params=0 setup=2 [2006/11/08 09:30:51, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:51, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:51, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73ec [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=73ec (pipes_open=1) [2006/11/08 09:30:51, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 73ec) [2006/11/08 09:30:51, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:51, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73ec name: winreg open: Yes len: 144 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 144 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 144 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 144, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 
[2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 128 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 128 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0090 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 128 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 128, incoming data = 128 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) 
process_complete_pdu: processing packet type 0 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000078 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 000f [2006/11/08 09:30:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/11/08 09:30:51, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2006/11/08 09:30:51, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2006/11/08 09:30:51, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[1].fn == 0x800e52c1 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_entry [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: bb 95 51 45 59 1e 00 00 [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 0046 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 0046 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 73541510 [2006/11/08 09:30:51, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000023 [2006/11/08 09:30:51, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000023 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : S.O.F.T.W.A.R.E.\.M.i.c.r.o.s.o.f.t.\.S.c.h.e.d.u.l.i.n.g.A.g.e.n.t... [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 unknown_0 : 00000000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 access: 00020019 [2006/11/08 09:30:51, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BB 95 51 45 ........ ......QE [010] 59 1E 00 00 Y... [2006/11/08 09:30:51, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (1) [2006/11/08 09:30:51, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SOFTWARE\Microsoft\SchedulingAgent] [2006/11/08 09:30:51, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] [2006/11/08 09:30:51, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] [2006/11/08 09:30:51, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/11/08 09:30:51, 5] registry/reg_db.c:regdb_fetch_keys(456) regdb_fetch_keys: tdb lookup failed to locate key [HKLM\SOFTWARE\Microsoft\SchedulingAgent] [2006/11/08 09:30:51, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (1) [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_entry [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd handle [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/11/08 09:30:51, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_BADFILE [2006/11/08 09:30:51, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2006/11/08 09:30:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 86 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 128 [2006/11/08 09:30:51, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73ec name: winreg len: 1024 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:51, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:51, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=3520 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [030] 00 . 
[2006/11/08 09:30:51, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/11/08 09:30:51, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2006/11/08 09:30:51, 3] smbd/process.c:process_smb(1110) Transaction 56 of length 132 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=3584 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29676 (0x73EC) smb_bcc=61 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 BB 95 51 45 59 1E 00 00 .......Q EY... 
[2006/11/08 09:30:51, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7769) conn 0x80382568 [2006/11/08 09:30:51, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:51, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/11/08 09:30:51, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/11/08 09:30:51, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/11/08 09:30:51, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73ec [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=73ec (pipes_open=1) [2006/11/08 09:30:51, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 73ec) [2006/11/08 09:30:51, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x803a27a0 max_trans_reply: 1024 [2006/11/08 09:30:51, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 73ec name: winreg open: Yes len: 44 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/11/08 
09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 
[2006/11/08 09:30:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/11/08 09:30:51, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2006/11/08 09:30:51, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2006/11/08 09:30:51, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x800e4f94 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: bb 95 51 45 59 1e 00 00 [2006/11/08 09:30:51, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BB 95 51 45 ........ ......QE [010] 59 1E 00 00 Y... [2006/11/08 09:30:51, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BB 95 51 45 ........ ......QE [010] 59 1E 00 00 Y... 
[2006/11/08 09:30:51, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/11/08 09:30:51, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (0) [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2006/11/08 09:30:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/11/08 09:30:51, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2006/11/08 09:30:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/11/08 09:30:51, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 73ec name: winreg len: 1024 [2006/11/08 09:30:51, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 09:30:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 09:30:51, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1032 smb_uid=101 smb_mid=3584 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/11/08 09:30:51, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/11/08 09:30:51, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2006/11/08 09:30:51, 3] smbd/process.c:process_smb(1110) Transaction 57 of length 45 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3648 smt_wct=3 smb_vwv[ 0]=29676 (0x73EC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/11/08 09:30:51, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7769) conn 0x80382568 [2006/11/08 09:30:51, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=73ec [2006/11/08 09:30:51, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=73ec (pipes_open=1) [2006/11/08 09:30:51, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:73ec [2006/11/08 09:30:51, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe winreg [2006/11/08 09:30:51, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name winreg pnum=73ec (pipes_open=0) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3648 
smt_wct=0 smb_bcc=0 [2006/11/08 09:30:51, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 86 [2006/11/08 09:30:51, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x56 [2006/11/08 09:30:51, 3] smbd/process.c:process_smb(1110) Transaction 58 of length 90 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=86 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=3712 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 86 (0x56) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=43 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 5C 00 43 00 4F 00 44 00 4F 00 4E 00 5C .\.\.C.O .D.O.N.\ [010] 00 4D 00 45 00 54 00 41 00 53 00 45 00 54 00 55 .M.E.T.A .S.E.T.U [020] 00 50 00 00 00 3F 3F 3F 3F 3F 00 .P...??? ??. [2006/11/08 09:30:51, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 7769) conn 0x0 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:51, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:51, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] 
for share [METASETUP] [2006/11/08 09:30:51, 5] smbd/service.c:make_connection(1116) making a connection to 'normal' service metasetup [2006/11/08 09:30:51, 10] smbd/share_access.c:user_ok_token(225) user_ok_token: share MetaSetup is ok for unix user muehlfeld [2006/11/08 09:30:51, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user muehlfeld [2006/11/08 09:30:51, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is muehlfeld [2006/11/08 09:30:51, 10] lib/util_pw.c:getpwnam_alloc(76) Got muehlfeld from pwnam_cache [2006/11/08 09:30:51, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [muehlfeld]! [2006/11/08 09:30:51, 10] smbd/service.c:set_conn_connectpath(122) set_conn_connectpath: service MetaSetup, connectpath = /shares/MetaSystems/MetaSetup [2006/11/08 09:30:51, 3] smbd/service.c:make_connection_snum(752) Connect path is '/shares/MetaSystems/MetaSetup' for service [MetaSetup] [2006/11/08 09:30:51, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for MetaSetup [2006/11/08 09:30:51, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/11/08 09:30:51, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 19 entries and first sid S-1-5-21-1362721961-1801182073-732966438-3122. 
[2006/11/08 09:30:51, 3] lib/util_seaccess.c:se_access_check(250) [2006/11/08 09:30:51, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1362721961-1801182073-732966438-3122 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1185 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1405 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1413 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1421 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1423 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1425 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1439 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1443 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3021 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3047 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3055 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3063 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3065 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3085 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2006/11/08 09:30:51, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. 
[2006/11/08 09:30:51, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks [2006/11/08 09:30:51, 5] smbd/connection.c:claim_connection(170) claiming MetaSetup 0 [2006/11/08 09:30:51, 10] smbd/share_access.c:user_ok_token(225) user_ok_token: share MetaSetup is ok for unix user muehlfeld [2006/11/08 09:30:51, 10] smbd/share_access.c:is_share_read_only_for_token(267) is_share_read_only_for_user: share MetaSetup is read-write for unix user muehlfeld [2006/11/08 09:30:51, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for MetaSetup [2006/11/08 09:30:51, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/11/08 09:30:51, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 19 entries and first sid S-1-5-21-1362721961-1801182073-732966438-3122. [2006/11/08 09:30:51, 3] lib/util_seaccess.c:se_access_check(250) [2006/11/08 09:30:51, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1362721961-1801182073-732966438-3122 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1185 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1405 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1413 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1421 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1423 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1425 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1439 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1443 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3021 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3047 se_access_check: also 
S-1-5-21-1362721961-1801182073-732966438-3055 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3063 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3065 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3085 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2006/11/08 09:30:51, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2006/11/08 09:30:51, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for MetaSetup [2006/11/08 09:30:51, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/11/08 09:30:51, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 19 entries and first sid S-1-5-21-1362721961-1801182073-732966438-3122. [2006/11/08 09:30:51, 3] lib/util_seaccess.c:se_access_check(250) [2006/11/08 09:30:51, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1362721961-1801182073-732966438-3122 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1185 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1405 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1413 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1421 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1423 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1425 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1439 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-1443 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3021 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3047 se_access_check: also 
S-1-5-21-1362721961-1801182073-732966438-3055 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3063 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3065 se_access_check: also S-1-5-21-1362721961-1801182073-732966438-3085 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2006/11/08 09:30:51, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2006/11/08 09:30:51, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid root does not start with 'S-'. [2006/11/08 09:30:51, 10] passdb/lookup_sid.c:lookup_name(64) lookup_name: PASING\root => PASING (domain), root (name) [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:51, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:51, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=pa,dc=lfmg,dc=de], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2006/11/08 09:30:51, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:51, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_nt_user_token(448) NT 
user token: (NULL) [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:51, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2006/11/08 09:30:51, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213) ldapsam_getgroup: Did not find group [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 10] passdb/lookup_sid.c:lookup_name(64) lookup_name: Unix User\root => Unix User (domain), root (name) [2006/11/08 09:30:51, 10] lib/util_pw.c:getpwnam_alloc(76) Got root from pwnam_cache [2006/11/08 09:30:51, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid Administrator does not start with 'S-'. [2006/11/08 09:30:51, 10] passdb/lookup_sid.c:lookup_name(64) lookup_name: PASING\Administrator => PASING (domain), Administrator (name) [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 09:30:51, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:51, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=pa,dc=lfmg,dc=de], filter => [(&(uid=Administrator)(objectclass=sambaSamAccount))], scope => [2] [2006/11/08 09:30:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: Administrator [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_username(534) pdb_set_username: setting 
username Administrator, was [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_domain(557) pdb_set_domain: setting domain PASING, was [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_nt_username(580) pdb_set_nt_username: setting nt username Administrator, was [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(476) pdb_set_user_sid_from_string: setting user sid S-1-5-21-1183370737-3874734740-1589004535-2996 [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) pdb_set_user_sid: setting user sid S-1-5-21-1183370737-3874734740-1589004535-2996 [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) pdb_set_full_name: setting full name Domainadministrator, was [2006/11/08 09:30:51, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomeDrive] = [] [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672) pdb_set_dir_drive: setting dir drive H:, was NULL [2006/11/08 09:30:51, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomePath] = [] [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_homedir(696) pdb_set_homedir: setting home dir \\codon\administrator, was [2006/11/08 09:30:51, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonScript] = [] [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626) pdb_set_logon_script: setting logon script logonscript.bat, was [2006/11/08 09:30:51, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaProfilePath] = [] [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649) pdb_set_profile_path: setting profile path \\codon\Profiles\administrator, was [2006/11/08 09:30:51, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [description] = [] [2006/11/08 09:30:51, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: 
[sambaUserWorkstations] = [] [2006/11/08 09:30:51, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaMungedDial] = [] [2006/11/08 09:30:51, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 3 [2006/11/08 09:30:51, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2006/11/08 09:30:51, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2006/11/08 09:30:51, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonHours] = [] [2006/11/08 09:30:51, 7] passdb/login_cache.c:login_cache_read(87) Looking up login cache for user Administrator [2006/11/08 09:30:51, 7] passdb/login_cache.c:login_cache_read(101) No cache entry found [2006/11/08 09:30:51, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) No cache entry, bad count = 0, bad time = 0 [2006/11/08 09:30:51, 10] lib/util_pw.c:getpwnam_alloc(76) Got Administrator from pwnam_cache [2006/11/08 09:30:51, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=512))], scope => [2] [2006/11/08 09:30:51, 2] passdb/pdb_ldap.c:init_group_from_ldap(2136) init_group_from_ldap: Entry found for group: 512 [2006/11/08 09:30:51, 10] passdb/lookup_sid.c:check_dom_sid_to_level(613) Accepting SID S-1-5-21-1183370737-3874734740-1589004535 in level 1 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/11/08 09:30:51, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX 
token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:51, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1478) lookup_global_sam_rid: looking up RID 512. [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2006/11/08 09:30:51, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:51, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=pa,dc=lfmg,dc=de], filter => [(&(sambaSID=S-1-5-21-1183370737-3874734740-1589004535-512)(objectclass=sambaSamAccount))], scope => [2] [2006/11/08 09:30:51, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1183370737-3874734740-1589004535-512] count=0 [2006/11/08 09:30:51, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=pa,dc=lfmg,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1183370737-3874734740-1589004535-512))], scope => [2] [2006/11/08 09:30:51, 2] passdb/pdb_ldap.c:init_group_from_ldap(2136) init_group_from_ldap: Entry found for group: 512 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/11/08 09:30:51, 5] passdb/pdb_interface.c:pdb_default_lookup_rids(1599) lookup_rids: Domain Admins:2 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 09:30:51, 10] passdb/lookup_sid.c:lookup_sid(867) Sid S-1-5-21-1183370737-3874734740-1589004535-512 -> PASING\Domain Admins(2) [2006/11/08 09:30:51, 10] lib/account_pol.c:account_policy_get(337) 
account_policy_get: name: password history, val: 3 [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_username(534) pdb_set_username: setting username Administrator, was [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_domain(557) pdb_set_domain: setting domain PASING, was [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_nt_username(580) pdb_set_nt_username: setting nt username Administrator, was [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) pdb_set_full_name: setting full name Domainadministrator, was [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_homedir(696) pdb_set_homedir: setting home dir \\codon\administrator, was [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672) pdb_set_dir_drive: setting dir drive H:, was NULL [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626) pdb_set_logon_script: setting logon script logonscript.bat, was [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649) pdb_set_profile_path: setting profile path \\codon\Profiles\administrator, was [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_workstations(739) pdb_set_workstations: setting workstations , was [2006/11/08 09:30:51, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 3 [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) pdb_set_user_sid: setting user sid S-1-5-21-1183370737-3874734740-1589004535-2996 [2006/11/08 09:30:51, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1183370737-3874734740-1589004535-2996 from rid 2996 [2006/11/08 09:30:51, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 512 -> S-1-5-21-1183370737-3874734740-1589004535-512 [2006/11/08 09:30:51, 10] passdb/pdb_get_set.c:pdb_set_group_sid(521) pdb_set_group_sid: setting group sid S-1-5-21-1183370737-3874734740-1589004535-512 [2006/11/08 09:30:51, 10] 
passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-1183370737-3874734740-1589004535-512 from rid 512 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1061, 513) - sec_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-1362721961-1801182073-732966438-3122 contains 19 SIDs SID[ 0]: S-1-5-21-1362721961-1801182073-732966438-3122 SID[ 1]: S-1-5-21-1362721961-1801182073-732966438-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1362721961-1801182073-732966438-1185 SID[ 6]: S-1-5-21-1362721961-1801182073-732966438-1405 SID[ 7]: S-1-5-21-1362721961-1801182073-732966438-1413 SID[ 8]: S-1-5-21-1362721961-1801182073-732966438-1421 SID[ 9]: S-1-5-21-1362721961-1801182073-732966438-1423 SID[ 10]: S-1-5-21-1362721961-1801182073-732966438-1425 SID[ 11]: S-1-5-21-1362721961-1801182073-732966438-1439 SID[ 12]: S-1-5-21-1362721961-1801182073-732966438-1443 SID[ 13]: S-1-5-21-1362721961-1801182073-732966438-3021 SID[ 14]: S-1-5-21-1362721961-1801182073-732966438-3047 SID[ 15]: S-1-5-21-1362721961-1801182073-732966438-3055 SID[ 16]: S-1-5-21-1362721961-1801182073-732966438-3063 SID[ 17]: S-1-5-21-1362721961-1801182073-732966438-3065 SID[ 18]: S-1-5-21-1362721961-1801182073-732966438-3085 SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 1061 Primary group is 513 and contains 0 supplementary groups [2006/11/08 09:30:51, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(1061,1061) gid=(0,513) [2006/11/08 09:30:51, 1] smbd/service.c:make_connection_snum(941) it-01 (192.168.29.254) connect to service MetaSetup initially as user muehlfeld (uid=1061, gid=513) (pid 7769) [2006/11/08 09:30:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - 
sec_ctx_stack_ndx = 0 [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 09:30:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 09:30:51, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 09:30:51, 2] smbd/reply.c:reply_tcon_and_X(711) Serving MetaSetup as a Dfs root [2006/11/08 09:30:51, 3] smbd/reply.c:reply_tcon_and_X(716) tconX service=METASETUP [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=54 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3712 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=13 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... [2006/11/08 09:30:51, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2006/11/08 09:30:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 108 [2006/11/08 09:30:51, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x6c [2006/11/08 09:30:51, 3] smbd/process.c:process_smb(1110) Transaction 59 of length 112 [2006/11/08 09:30:51, 5] lib/util.c:show_msg(478) [2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=108 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=2 smb_pid=1032 smb_uid=101 smb_mid=3776 smt_wct=15 smb_vwv[ 0]= 40 (0x28) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 40 (0x28) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=43 [2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215) [000] 00 00 00 EC 03 00 00 00 00 
5C 00 63 00 6F 00 64 ........ .\.c.o.d
  [010] 00 6F 00 6E 00 5C 00 6D 00 65 00 74 00 61 00 73 .o.n.\.m .e.t.a.s
  [020] 00 65 00 74 00 75 00 70 00 00 00 .e.t.u.p ...
[2006/11/08 09:30:51, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 7769) conn 0x80383da0
[2006/11/08 09:30:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1061, 513) - sec_ctx_stack_ndx = 0
[2006/11/08 09:30:51, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-1362721961-1801182073-732966438-3122 contains 19 SIDs
  SID[ 0]: S-1-5-21-1362721961-1801182073-732966438-3122
  SID[ 1]: S-1-5-21-1362721961-1801182073-732966438-513
  SID[ 2]: S-1-1-0
  SID[ 3]: S-1-5-2
  SID[ 4]: S-1-5-11
  SID[ 5]: S-1-5-21-1362721961-1801182073-732966438-1185
  SID[ 6]: S-1-5-21-1362721961-1801182073-732966438-1405
  SID[ 7]: S-1-5-21-1362721961-1801182073-732966438-1413
  SID[ 8]: S-1-5-21-1362721961-1801182073-732966438-1421
  SID[ 9]: S-1-5-21-1362721961-1801182073-732966438-1423
  SID[ 10]: S-1-5-21-1362721961-1801182073-732966438-1425
  SID[ 11]: S-1-5-21-1362721961-1801182073-732966438-1439
  SID[ 12]: S-1-5-21-1362721961-1801182073-732966438-1443
  SID[ 13]: S-1-5-21-1362721961-1801182073-732966438-3021
  SID[ 14]: S-1-5-21-1362721961-1801182073-732966438-3047
  SID[ 15]: S-1-5-21-1362721961-1801182073-732966438-3055
  SID[ 16]: S-1-5-21-1362721961-1801182073-732966438-3063
  SID[ 17]: S-1-5-21-1362721961-1801182073-732966438-3065
  SID[ 18]: S-1-5-21-1362721961-1801182073-732966438-3085
  SE_PRIV 0x0 0x0 0x0 0x0
[2006/11/08 09:30:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 1061
  Primary group is 513 and contains 0 supplementary groups
[2006/11/08 09:30:51, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(1061,1061) gid=(0,513)
[2006/11/08 09:30:51, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /shares/MetaSystems/MetaSetup
[2006/11/08 09:30:51, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /shares/MetaSystems/MetaSetup
[2006/11/08 09:30:51, 0] smbd/service.c:set_current_service(150) chdir (/shares/MetaSystems/MetaSetup) failed
[2006/11/08 09:30:51, 3] smbd/error.c:error_packet(146) error packet at smbd/process.c(979) cmd=50 (SMBtrans2) NT_STATUS_NETWORK_ACCESS_DENIED
[2006/11/08 09:30:51, 5] lib/util.c:show_msg(478)
[2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=35 smb_com=0x32 smb_rcls=202 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1032 smb_uid=101 smb_mid=3776 smt_wct=0 smb_bcc=0
[2006/11/08 09:30:51, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1
[2006/11/08 09:30:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 108
[2006/11/08 09:30:51, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x6c
[2006/11/08 09:30:51, 3] smbd/process.c:process_smb(1110) Transaction 60 of length 112
[2006/11/08 09:30:51, 5] lib/util.c:show_msg(478)
[2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=108 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=2 smb_pid=1032 smb_uid=101 smb_mid=3840 smt_wct=15
  smb_vwv[ 0]= 40 (0x28)
  smb_vwv[ 1]= 0 (0x0)
  smb_vwv[ 2]= 2 (0x2)
  smb_vwv[ 3]= 40 (0x28)
  smb_vwv[ 4]= 0 (0x0)
  smb_vwv[ 5]= 0 (0x0)
  smb_vwv[ 6]= 0 (0x0)
  smb_vwv[ 7]= 0 (0x0)
  smb_vwv[ 8]= 0 (0x0)
  smb_vwv[ 9]= 40 (0x28)
  smb_vwv[10]= 68 (0x44)
  smb_vwv[11]= 0 (0x0)
  smb_vwv[12]= 0 (0x0)
  smb_vwv[13]= 1 (0x1)
  smb_vwv[14]= 5 (0x5)
  smb_bcc=43
[2006/11/08 09:30:51, 10] lib/util.c:dump_data(2215)
  [000] 00 00 00 EC 03 00 00 00 00 5C 00 63 00 6F 00 64 ........ .\.c.o.d
  [010] 00 6F 00 6E 00 5C 00 6D 00 65 00 74 00 61 00 73 .o.n.\.m .e.t.a.s
  [020] 00 65 00 74 00 75 00 70 00 00 00 .e.t.u.p ...
[2006/11/08 09:30:51, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 7769) conn 0x80383da0
[2006/11/08 09:30:51, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user
[2006/11/08 09:30:51, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /shares/MetaSystems/MetaSetup
[2006/11/08 09:30:51, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /shares/MetaSystems/MetaSetup
[2006/11/08 09:30:51, 0] smbd/service.c:set_current_service(150) chdir (/shares/MetaSystems/MetaSetup) failed
[2006/11/08 09:30:51, 3] smbd/error.c:error_packet(146) error packet at smbd/process.c(979) cmd=50 (SMBtrans2) NT_STATUS_NETWORK_ACCESS_DENIED
[2006/11/08 09:30:51, 5] lib/util.c:show_msg(478)
[2006/11/08 09:30:51, 5] lib/util.c:show_msg(488) size=35 smb_com=0x32 smb_rcls=202 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1032 smb_uid=101 smb_mid=3840 smt_wct=0 smb_bcc=0
[2006/11/08 09:30:51, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1
[2006/11/08 09:31:00, 10] smbd/process.c:async_processing(291) async_processing: Doing async processing.
[2006/11/08 09:31:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 09:31:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 09:31:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/11/08 09:31:00, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/11/08 09:31:00, 1] smbd/process.c:async_processing(312) Reloading services after SIGHUP
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service HPLJ2420-4
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service HPLJ1320-2
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service HPLJ1320-1
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service LEOP630-1
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service HPLJ2200-1
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service XEPH6200-1
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service print$
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service printers
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service MetaSystems
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service MetaSetupBAK
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service Msd
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service Abteilungen
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service Programs
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service IT
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service homes
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service Profiles
[2006/11/08 09:31:00, 5] param/loadparm.c:free_service(2356) free_service: Freeing service Netlogon
[2006/11/08 09:31:00, 3] param/loadparm.c:lp_load(4945) lp_load: refreshing parameters
[2006/11/08 09:31:00, 3] param/loadparm.c:init_globals(1410) Initialising global parameters
[2006/11/08 09:31:00, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/etc/samba//smb.conf"
[2006/11/08 09:31:00, 3] param/loadparm.c:do_section(3687) Processing section "[global]"
  doing parameter panic action = "/usr/local/bin/panic-action %d"
  doing parameter pid directory = /var/run/samba
  doing parameter log file = /var/log/samba/%m.log
  doing parameter interfaces = 127.0.0.1 192.168.30.4
  doing parameter bind interfaces only = true
  doing parameter log level = 1
[2006/11/08 09:31:01, 1] smbd/service.c:close_cnum(1141) it-01 (192.168.29.254) closed connection to service MetaSetup