[2007/01/04 16:05:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 39 [2007/01/04 16:05:06, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x27 [2007/01/04 16:05:06, 3] smbd/process.c:process_smb(1110) Transaction 25 of length 43 [2007/01/04 16:05:06, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:06, 5] lib/util.c:show_msg(495) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=22080 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:06, 3] smbd/process.c:switch_message(914) switch message SMBulogoffX (pid 27448) conn 0x0 [2007/01/04 16:05:06, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:06, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:06, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:06, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/01/04 16:05:06, 3] smbd/reply.c:reply_ulogoffX(1618) ulogoffX vuid=101 [2007/01/04 16:05:06, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:06, 5] lib/util.c:show_msg(495) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=22080 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:06, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/01/04 16:05:06, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x23 [2007/01/04 16:05:06, 3] smbd/process.c:process_smb(1110) Transaction 26 of length 39 [2007/01/04 16:05:06, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:06, 5] lib/util.c:show_msg(495) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=22144 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:06, 3] smbd/process.c:switch_message(914) switch message SMBtdis (pid 27448) conn 0x555555b8e840 [2007/01/04 16:05:06, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:06, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:06, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:06, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/01/04 16:05:06, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:06, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:06, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:06, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/01/04 16:05:06, 3] smbd/service.c:close_cnum(1150) sgbitla-02 (131.220.149.9) closed connection to service IPC$ [2007/01/04 16:05:06, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2007/01/04 16:05:06, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to / [2007/01/04 16:05:06, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:06, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:06, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:06, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/01/04 16:05:06, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:06, 5] lib/util.c:show_msg(495) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=22144 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:06, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:06, 10] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/01/04 16:05:06, 10] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/01/04 16:05:06, 3] smbd/process.c:timeout_processing(1359) timeout_processing: End of file from client (client has disconnected). [2007/01/04 16:05:06, 5] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/01/04 16:05:06, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/01/04 16:05:06, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:06, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:06, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:06, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/01/04 16:05:06, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2007/01/04 16:05:06, 3] smbd/server.c:exit_server_common(675) Server exit (normal exit) [2007/01/04 16:05:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 174 [2007/01/04 16:05:18, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xae [2007/01/04 16:05:18, 3] smbd/process.c:process_smb(1110) Transaction 81 of length 178 [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=174 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=23168 smt_wct=15 smb_vwv[ 0]= 106 (0x6A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 106 (0x6A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=109 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 2E 00 62 00 69 00 74 00 2E .s.m.b.. .b.i.t.. [020] 00 75 00 6E 00 69 00 2D 00 62 00 6F 00 6E 00 6E .u.n.i.- .b.o.n.n [030] 00 2E 00 64 00 65 00 5C 00 68 00 6F 00 6D 00 65 ...d.e.\ .h.o.m.e [040] 00 73 00 5C 00 74 00 68 00 69 00 65 00 6C 00 74 .s.\.t.h .i.e.l.t [050] 00 5C 00 6E 00 65 00 74 00 73 00 68 00 65 00 6C .\.n.e.t .s.h.e.l [060] 00 6C 00 69 00 63 00 6F 00 6E 00 00 00 .l.i.c.o .n... [2007/01/04 16:05:18, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27409) conn 0x555555b97370 [2007/01/04 16:05:18, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb.bit.uni-bonn.de/homes/thielt/netshellicon. after trimming \'s [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb.bit.uni-bonn.de [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: homes [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: thielt/netshellicon [2007/01/04 16:05:18, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/homes req_path = thielt/netshellicon [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "thielt/netshellicon" [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [THIELT/NETSHELLICON] [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [THIELT] -> [thielt] [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = thielt/netshellicon, dirpath = thielt, start = netshellicon [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(335) New file netshellicon [2007/01/04 16:05:18, 5] smbd/msdfs.c:is_msdfs_link(269) is_msdfs_link: thielt/netshellicon does not exist. [2007/01/04 16:05:18, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb.bit.uni-bonn.de/homes/thielt/netshellicon. [2007/01/04 16:05:18, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path thielt/netshellicon [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "thielt/netshellicon" [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [THIELT/NETSHELLICON] [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [THIELT] -> [thielt] [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = thielt/netshellicon, dirpath = thielt, start = netshellicon [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(335) New file netshellicon [2007/01/04 16:05:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(2933) call_trans2qfilepathinfo: SMB_VFS_STAT of thielt/netshellicon failed (No such file or directory) [2007/01/04 16:05:18, 10] smbd/trans2.c:set_bad_path_error(2673) set_bad_path_error: err = 2 bad_path = 0 [2007/01/04 16:05:18, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2679) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=23168 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:18, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 174 [2007/01/04 16:05:18, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xae [2007/01/04 16:05:18, 3] smbd/process.c:process_smb(1110) Transaction 82 of length 178 [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=174 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=23232 smt_wct=15 smb_vwv[ 0]= 106 (0x6A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 106 (0x6A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=109 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 2E 00 62 00 69 00 74 00 2E .s.m.b.. .b.i.t.. [020] 00 75 00 6E 00 69 00 2D 00 62 00 6F 00 6E 00 6E .u.n.i.- .b.o.n.n [030] 00 2E 00 64 00 65 00 5C 00 68 00 6F 00 6D 00 65 ...d.e.\ .h.o.m.e [040] 00 73 00 5C 00 74 00 68 00 69 00 65 00 6C 00 74 .s.\.t.h .i.e.l.t [050] 00 5C 00 6E 00 65 00 74 00 73 00 68 00 65 00 6C .\.n.e.t .s.h.e.l [060] 00 6C 00 69 00 63 00 6F 00 6E 00 00 00 .l.i.c.o .n... [2007/01/04 16:05:18, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27409) conn 0x555555b97370 [2007/01/04 16:05:18, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb.bit.uni-bonn.de/homes/thielt/netshellicon. after trimming \'s [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb.bit.uni-bonn.de [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: homes [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: thielt/netshellicon [2007/01/04 16:05:18, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/homes req_path = thielt/netshellicon [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "thielt/netshellicon" [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [THIELT/NETSHELLICON] [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [THIELT] -> [thielt] [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = thielt/netshellicon, dirpath = thielt, start = netshellicon [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(335) New file netshellicon [2007/01/04 16:05:18, 5] smbd/msdfs.c:is_msdfs_link(269) is_msdfs_link: thielt/netshellicon does not exist. [2007/01/04 16:05:18, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb.bit.uni-bonn.de/homes/thielt/netshellicon. [2007/01/04 16:05:18, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path thielt/netshellicon [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "thielt/netshellicon" [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [THIELT/NETSHELLICON] [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [THIELT] -> [thielt] [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = thielt/netshellicon, dirpath = thielt, start = netshellicon [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled netshellicon ? [2007/01/04 16:05:18, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component netshellicon (len 12) ? [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(335) New file netshellicon [2007/01/04 16:05:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(2933) call_trans2qfilepathinfo: SMB_VFS_STAT of thielt/netshellicon failed (No such file or directory) [2007/01/04 16:05:18, 10] smbd/trans2.c:set_bad_path_error(2673) set_bad_path_error: err = 2 bad_path = 0 [2007/01/04 16:05:18, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2679) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=23232 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:18, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:18, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jan 4 15:55:28 2007 [2007/01/04 16:05:18, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [BIT]\[thielt] from workstation [SGBITLA-02] [2007/01/04 16:05:18, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for thielt (thielt) [2007/01/04 16:05:18, 5] auth/auth_util.c:make_user_info(85) making strings for thielt's user_info struct [2007/01/04 16:05:18, 5] auth/auth_util.c:make_user_info(117) making blobs for thielt's user_info struct [2007/01/04 16:05:18, 10] auth/auth_util.c:make_user_info(135) made an encrypted user_info for thielt (thielt) [2007/01/04 16:05:18, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [BIT]\[thielt]@[SGBITLA-02] with the new password interface [2007/01/04 16:05:18, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [BIT]\[thielt]@[SGBITLA-02] [2007/01/04 16:05:18, 10] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2007/01/04 16:05:18, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2007/01/04 16:05:18, 5] lib/util.c:dump_data(2222) [000] 7F E8 FD A4 9E 15 5A E0 ......Z. [2007/01/04 16:05:18, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2007/01/04 16:05:18, 8] lib/util.c:is_myname(2043) is_myname("BIT") returns 0 [2007/01/04 16:05:18, 6] auth/auth_sam.c:check_samstrict_security(414) check_samstrict_security: BIT is not one of my local names (ROLE_DOMAIN_MEMBER) [2007/01/04 16:05:18, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: sam had nothing to say [2007/01/04 16:05:18, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/01/04 16:05:18, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/01/04 16:05:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:18, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:18, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_user_info3 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_user_info : 00020004 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_time logon time [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 low : 6b5c92ec [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 high: 01c73010 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_time logoff time [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c low : ffffffff [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 high: 7fffffff [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_time kickoff time [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 low : ffffffff [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 high: 7fffffff [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_time last set time [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c low : cd0c4460 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 high: 01c66a05 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_time can change time [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 low : f7760460 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 high: 01c66ace [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_time must change time [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c low : ffffffff [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 high: 7fffffff [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_unihdr hdr_user_name [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 uni_str_len: 000c [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 uni_max_len: 000e [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 buffer : 00020008 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 00003c smb_io_unihdr hdr_full_name [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003c uni_str_len: 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003e uni_max_len: 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 buffer : 00000000 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 000044 smb_io_unihdr hdr_logon_script [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0044 uni_str_len: 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0046 uni_max_len: 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 buffer : 00000000 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_unihdr hdr_profile_path [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004c uni_str_len: 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004e uni_max_len: 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 buffer : 00000000 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 000054 smb_io_unihdr hdr_home_dir [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0054 uni_str_len: 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0056 uni_max_len: 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 buffer : 00000000 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_unihdr hdr_dir_drive [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005c uni_str_len: 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005e uni_max_len: 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 buffer : 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0064 logon_count : 0053 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0066 bad_pw_count : 0000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0068 user_rid : 00000540 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c group_rid : 00000201 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 num_groups : 00000003 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 buffer_groups : 0002000c [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 user_flgs : 00000120 [2007/01/04 16:05:18, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) dump_user_flgs account has LOGON_EXTRA_SIDS account has LOGON_NTLMV2_ENABLED [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 007c user_sess_key: 42 0d 95 86 7a 53 2f ce 5c e1 77 59 06 f0 1d a8 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 00008c smb_io_unihdr hdr_logon_srv [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 008c uni_str_len: 0006 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 008e uni_max_len: 0008 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0090 buffer : 00020010 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 000094 smb_io_unihdr hdr_logon_dom [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0094 uni_str_len: 0006 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0096 uni_max_len: 0008 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0098 buffer : 00020014 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 009c buffer_dom_id : 00020018 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00a0 lm_sess_key: 2a 50 34 33 04 9e 86 b2 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a8 acct_flags : 00000210 [2007/01/04 16:05:18, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) dump_acct_flags account has ACB_NORMAL account has ACB_PWNOEXP [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac unkown: 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 unkown: 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b4 unkown: 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b8 unkown: 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc unkown: 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 unkown: 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 unkown: 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 num_other_sids: 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc buffer_other_sids: 00000000 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000d0 smb_io_unistr2 uni_user_name [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d0 uni_max_len: 00000007 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d4 offset : 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d8 uni_str_len: 00000006 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00dc buffer : t.h.i.e.l.t. [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e8 smb_io_unistr2 - NULL uni_full_name [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e8 smb_io_unistr2 - NULL uni_logon_script [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e8 smb_io_unistr2 - NULL uni_profile_path [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e8 smb_io_unistr2 - NULL uni_home_dir [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e8 smb_io_unistr2 - NULL uni_dir_drive [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e8 num_groups2 : 00000003 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000ec smb_io_gid [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ec g_rid: 00000783 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f0 attr : 00000007 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000f4 smb_io_gid [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f4 g_rid: 00000201 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 attr : 00000007 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000fc smb_io_gid [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc g_rid: 00000510 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 attr : 00000007 [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 000104 smb_io_unistr2 uni_logon_srv [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0104 uni_max_len: 00000004 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0108 offset : 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 010c uni_str_len: 00000003 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0110 buffer : A.D.2. [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 000116 smb_io_unistr2 uni_logon_dom [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0118 uni_max_len: 00000004 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 011c offset : 00000000 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0120 uni_str_len: 00000003 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0124 buffer : B.I.T. [2007/01/04 16:05:18, 7] rpc_parse/parse_prs.c:prs_debug(84) 00012a smb_io_dom_sid2 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32(704) 012c num_auths: 00000004 [2007/01/04 16:05:18, 8] rpc_parse/parse_prs.c:prs_debug(84) 000130 smb_io_dom_sid sid [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0130 sid_rev_num: 01 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0131 num_auths : 04 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0132 id_auth[0] : 00 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0133 id_auth[1] : 00 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0134 id_auth[2] : 00 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0135 id_auth[3] : 00 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0136 id_auth[4] : 00 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0137 id_auth[5] : 05 [2007/01/04 16:05:18, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0138 sub_auths : 00000015 0b01818b 8a95da6f 1f07cccc [2007/01/04 16:05:18, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user BIT+thielt [2007/01/04 16:05:18, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is bit+thielt [2007/01/04 16:05:18, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [BIT+thielt]! [2007/01/04 16:05:18, 5] auth/auth_util.c:fill_sam_account(1533) fill_sam_account: located username was [BIT+thielt] [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_username(534) pdb_set_username: setting username BIT+thielt, was [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) pdb_set_full_name: setting full name Thomas Thiel, was [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_domain(557) pdb_set_domain: setting domain FS1, was [2007/01/04 16:05:18, 4] lib/substitute.c:automount_server(407) Home server: fs1 [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649) pdb_set_profile_path: setting profile path \\fs1\BIT+thielt\profile, was [2007/01/04 16:05:18, 4] lib/substitute.c:automount_server(407) Home server: fs1 [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_homedir(696) pdb_set_homedir: setting home dir \\fs1\BIT+thielt, was [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672) pdb_set_dir_drive: setting dir drive , was NULL [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626) pdb_set_logon_script: setting logon script , was [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) pdb_set_user_sid: setting user sid S-1-5-21-3360226385-164282596-2584496617-101318 [2007/01/04 16:05:18, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3360226385-164282596-2584496617-101318 from rid 101318 [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_nt_username(580) pdb_set_nt_username: setting nt username thielt, was [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_username(534) pdb_set_username: setting username thielt, was BIT+thielt [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_domain(557) pdb_set_domain: setting domain BIT, was FS1 [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) pdb_set_user_sid: setting user sid S-1-5-21-184648075-2325076591-520604876-1344 [2007/01/04 16:05:18, 10] nsswitch/wb_client.c:winbind_lookup_sid(112) winbind_lookup_sid: SUCCESS: SID S-1-5-21-184648075-2325076591-520604876-513 -> BIT Domain Users [2007/01/04 16:05:18, 10] passdb/lookup_sid.c:sid_to_gid(1336) sid_to_gid: S-1-5-21-184648075-2325076591-520604876-513 -> 50000 [2007/01/04 16:05:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1071) store_gid_sid_cache: gid 50000 in cache -> S-1-5-21-184648075-2325076591-520604876-513 [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_group_sid(521) pdb_set_group_sid: setting group sid S-1-5-21-184648075-2325076591-520604876-513 [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) pdb_set_full_name: setting full name , was Thomas Thiel [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626) pdb_set_logon_script: setting logon script , was [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649) pdb_set_profile_path: setting profile path , was \\fs1\BIT+thielt\profile [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_homedir(696) pdb_set_homedir: setting home dir , was \\fs1\BIT+thielt [2007/01/04 16:05:18, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672) pdb_set_dir_drive: setting dir drive , was [2007/01/04 16:05:18, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: winbind authentication for user [thielt] succeeded [2007/01/04 16:05:18, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/01/04 16:05:18, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/01/04 16:05:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:18, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:18, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [BIT+thielt] succeeded [2007/01/04 16:05:18, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [thielt] -> [thielt] -> [BIT+thielt] succeeded [2007/01/04 16:05:18, 5] auth/auth_util.c:free_user_info(1867) attempting to free (and zero) a user_info structure [2007/01/04 16:05:18, 10] auth/auth_util.c:free_user_info(1871) structure was created for thielt [2007/01/04 16:05:18, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1027) fetch gid from cache 50040 -> S-1-5-32-544 [2007/01/04 16:05:18, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1027) fetch gid from cache 50041 -> S-1-5-32-545 [2007/01/04 16:05:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-184648075-2325076591-520604876-1344] [2007/01/04 16:05:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-184648075-2325076591-520604876-1923] [2007/01/04 16:05:18, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2007/01/04 16:05:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2007/01/04 16:05:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-184648075-2325076591-520604876-513] [2007/01/04 16:05:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-184648075-2325076591-520604876-1296] [2007/01/04 16:05:18, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-32-545] [2007/01/04 16:05:18, 10] nsswitch/wb_client.c:winbind_lookup_sid(112) winbind_lookup_sid: SUCCESS: SID S-1-5-21-184648075-2325076591-520604876-1923 -> BIT sekretariat [2007/01/04 16:05:18, 10] passdb/lookup_sid.c:sid_to_gid(1336) sid_to_gid: S-1-5-21-184648075-2325076591-520604876-1923 -> 50037 [2007/01/04 16:05:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1071) store_gid_sid_cache: gid 50037 in cache -> S-1-5-21-184648075-2325076591-520604876-1923 [2007/01/04 16:05:18, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-1-0 to gid, ignoring it [2007/01/04 16:05:18, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-2 to gid, ignoring it [2007/01/04 16:05:18, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-11 to gid, ignoring it [2007/01/04 16:05:18, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1027) fetch gid from cache 50000 -> S-1-5-21-184648075-2325076591-520604876-513 [2007/01/04 16:05:18, 10] nsswitch/wb_client.c:winbind_lookup_sid(112) winbind_lookup_sid: SUCCESS: SID S-1-5-21-184648075-2325076591-520604876-1296 -> BIT sgbit [2007/01/04 16:05:18, 10] passdb/lookup_sid.c:sid_to_gid(1336) sid_to_gid: S-1-5-21-184648075-2325076591-520604876-1296 -> 50018 [2007/01/04 16:05:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1071) store_gid_sid_cache: gid 50018 in cache -> S-1-5-21-184648075-2325076591-520604876-1296 [2007/01/04 16:05:18, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1027) fetch gid from cache 50041 -> S-1-5-32-545 [2007/01/04 16:05:18, 10] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-184648075-2325076591-520604876-1344 contains 8 SIDs SID[ 0]: S-1-5-21-184648075-2325076591-520604876-1344 SID[ 1]: S-1-5-21-184648075-2325076591-520604876-1923 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-184648075-2325076591-520604876-513 SID[ 6]: S-1-5-21-184648075-2325076591-520604876-1296 SID[ 7]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:18, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(133) Got NT session key of length 16 [2007/01/04 16:05:18, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(140) Got LM session key of length 8 [2007/01/04 16:05:18, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(805) ntlmssp_server_auth: Created NTLM2 session key. [2007/01/04 16:05:18, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/01/04 16:05:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2007/01/04 16:05:18, 10] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 101 [2007/01/04 16:05:18, 10] lib/util_pw.c:getpwnam_alloc(76) Got BIT+thielt from pwnam_cache [2007/01/04 16:05:18, 10] smbd/password.c:register_vuid(277) register_vuid: (50159,50000) BIT+thielt thielt BIT guest=0 [2007/01/04 16:05:18, 3] smbd/password.c:register_vuid(280) User name: BIT+thielt Real name: [2007/01/04 16:05:18, 3] smbd/password.c:register_vuid(301) UNIX uid 50159 is UNIX user BIT+thielt, and will be vuid 101 [2007/01/04 16:05:18, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find BIT+thielt [2007/01/04 16:05:18, 3] smbd/password.c:register_vuid(332) Adding homes service for user 'BIT+thielt' using home directory: '/home/BIT/thielt' [2007/01/04 16:05:18, 8] param/loadparm.c:add_a_service(2495) add_a_service: Creating snum = 18 for thielt [2007/01/04 16:05:18, 10] param/loadparm.c:hash_a_service(2542) hash_a_service: hashing index 18 for service name thielt [2007/01/04 16:05:18, 3] param/loadparm.c:lp_add_home(2588) adding home's share [thielt] for user 'BIT+thielt' at '/opt/export/homes' [2007/01/04 16:05:18, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jan 4 15:55:28 2007 [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=136 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=93 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 33 00 64 00 2D 00 36 ...0...2 .3.d.-.6 [030] 00 2D 00 31 00 30 00 38 00 33 00 2D 00 53 00 55 .-.1.0.8 .3.-.S.U [040] 00 53 00 45 00 2D 00 53 00 4C 00 31 00 30 00 2E .S.E.-.S .L.1.0.. [050] 00 32 00 00 00 42 00 49 00 54 00 00 00 .2...B.I .T... [2007/01/04 16:05:18, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 82 [2007/01/04 16:05:18, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x52 [2007/01/04 16:05:18, 3] smbd/process.c:process_smb(1110) Transaction 3 of length 86 [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=82 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 82 (0x52) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=39 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 5C 00 42 00 49 00 54 00 53 00 4D 00 42 .\.\.B.I .T.S.M.B [010] 00 5C 00 47 00 52 00 4F 00 55 00 50 00 53 00 00 .\.G.R.O .U.P.S.. [020] 00 3F 3F 3F 3F 3F 00 .?????. [2007/01/04 16:05:18, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 27450) conn 0x0 [2007/01/04 16:05:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:18, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/01/04 16:05:18, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] for share [GROUPS] [2007/01/04 16:05:18, 5] smbd/service.c:make_connection(1125) making a connection to 'normal' service groups [2007/01/04 16:05:18, 10] smbd/share_access.c:user_ok_token(229) user_ok_token: share groups is ok for unix user BIT+thielt [2007/01/04 16:05:18, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user BIT+thielt [2007/01/04 16:05:18, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is bit+thielt [2007/01/04 16:05:18, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [BIT+thielt]! [2007/01/04 16:05:18, 10] smbd/service.c:set_conn_connectpath(122) set_conn_connectpath: service groups, connectpath = /opt/export/groups [2007/01/04 16:05:18, 3] smbd/service.c:make_connection_snum(761) Connect path is '/opt/export/groups' for service [groups] [2007/01/04 16:05:18, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for groups [2007/01/04 16:05:18, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/01/04 16:05:18, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:18, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:18, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2007/01/04 16:05:18, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2007/01/04 16:05:18, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks [2007/01/04 16:05:18, 5] smbd/connection.c:claim_connection(170) claiming groups 0 [2007/01/04 16:05:18, 10] smbd/share_access.c:user_ok_token(229) user_ok_token: share groups is ok for unix user BIT+thielt [2007/01/04 16:05:18, 10] smbd/share_access.c:is_share_read_only_for_token(271) is_share_read_only_for_user: share groups is read-write for unix user BIT+thielt [2007/01/04 16:05:18, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for groups [2007/01/04 16:05:18, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/01/04 16:05:18, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:18, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:18, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2007/01/04 16:05:18, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2007/01/04 16:05:18, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for groups [2007/01/04 16:05:18, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/01/04 16:05:18, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:18, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:18, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2007/01/04 16:05:18, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2007/01/04 16:05:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-184648075-2325076591-520604876-1344 contains 8 SIDs SID[ 0]: S-1-5-21-184648075-2325076591-520604876-1344 SID[ 1]: S-1-5-21-184648075-2325076591-520604876-1923 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-184648075-2325076591-520604876-513 SID[ 6]: S-1-5-21-184648075-2325076591-520604876-1296 SID[ 7]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 50159 Primary group is 50000 and contains 4 supplementary groups Group[ 0]: 50037 Group[ 1]: 50000 Group[ 2]: 50018 Group[ 3]: 50041 [2007/01/04 16:05:18, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(50159,50159) gid=(0,50000) [2007/01/04 16:05:18, 1] smbd/service.c:make_connection_snum(950) sgbitla-02 (131.220.149.9) connect to service groups initially as user BIT+thielt (uid=50159, gid=50000) (pid 27450) [2007/01/04 16:05:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:18, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/01/04 16:05:18, 2] smbd/reply.c:reply_tcon_and_X(711) Serving groups as a Dfs root [2007/01/04 16:05:18, 3] smbd/reply.c:reply_tcon_and_X(716) tconX service=GROUPS [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=54 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=13 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... [2007/01/04 16:05:18, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:18, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:18, 3] smbd/process.c:process_smb(1110) Transaction 4 of length 120 [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=256 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:18, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-184648075-2325076591-520604876-1344 contains 8 SIDs SID[ 0]: S-1-5-21-184648075-2325076591-520604876-1344 SID[ 1]: S-1-5-21-184648075-2325076591-520604876-1923 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-184648075-2325076591-520604876-513 SID[ 6]: S-1-5-21-184648075-2325076591-520604876-1296 SID[ 7]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:18, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 50159 Primary group is 50000 and contains 4 supplementary groups Group[ 0]: 50037 Group[ 1]: 50000 Group[ 2]: 50018 Group[ 3]: 50041 [2007/01/04 16:05:18, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(50159,50159) gid=(0,50000) [2007/01/04 16:05:18, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /opt/export/groups [2007/01/04 16:05:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:18, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [COSEC] [2007/01/04 16:05:18, 5] smbd/statcache.c:stat_cache_add(140) stat_cache_add: Added entry (555555b8c180:size6) COSEC -> cosec [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(180) conversion finished cosec -> cosec [2007/01/04 16:05:18, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:18, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:18, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:18, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:18, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:18, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:18, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:18, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:18, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=256 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:18, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:18, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:18, 3] smbd/process.c:process_smb(1110) Transaction 5 of length 120 [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=320 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:18, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:18, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:18, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:18, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:18, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:18, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:18, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:18, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:18, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:18, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:18, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:18, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=320 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:18, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:18, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:18, 3] smbd/process.c:process_smb(1110) Transaction 6 of length 120 [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=384 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:18, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:18, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:18, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:18, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:18, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:18, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:18, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:18, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:18, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:18, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:18, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:18, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:18, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:18, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:18, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:18, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:18, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:18, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=384 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:18, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:18, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x68 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 7 of length 108 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=104 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=448 smt_wct=15 smb_vwv[ 0]= 36 (0x24) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 36 (0x24) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=39 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 00 00 .p.s... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "" [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(137) conversion finished "" -> . [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: . [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Fri Apr 21 12:26:43 2006 access: Thu Jan 4 16:04:55 2007 write: Fri Apr 21 12:26:43 2006 change: Fri Apr 21 12:26:43 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=448 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 33 7C 15 2E 65 C6 01 80 C5 44 ......3| ..e....D [010] B1 11 30 C7 01 80 33 7C 15 2E 65 C6 01 80 33 7C ..0...3| ..e...3| [020] 15 2E 65 C6 01 10 00 00 00 00 00 00 00 ..e..... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 122 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7a [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 8 of length 126 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=122 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=512 smt_wct=15 smb_vwv[ 0]= 54 (0x36) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 54 (0x36) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=57 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [010] 00 62 00 69 00 74 00 73 00 6D 00 62 00 5C 00 67 .b.i.t.s .m.b.\.g [020] 00 72 00 6F 00 75 00 70 00 73 00 5C 00 63 00 6F .r.o.u.p .s.\.c.o [030] 00 73 00 65 00 63 00 00 00 .s.e.c.. . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2findfirst(1662) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16384 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2findfirst(1719) dir=./, mask = cosec [2007/01/04 16:05:20, 5] smbd/dir.c:dptr_create(392) dptr_create dir=./ [2007/01/04 16:05:20, 3] smbd/dir.c:dptr_create(512) creating new dirptr 256 for path ./, expect_close = 1 [2007/01/04 16:05:20, 4] smbd/trans2.c:call_trans2findfirst(1775) dptr_num is 256, wcard = cosec, attr = 22 [2007/01/04 16:05:20, 8] smbd/trans2.c:call_trans2findfirst(1780) dirpath=<./> dontdescend=<> [2007/01/04 16:05:20, 8] smbd/trans2.c:get_lanman2_dir_entry(1110) get_lanman2_dir_entry:readdir on dirptr 0x555555b8cbc0 now at offset -1 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: ./cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 5] smbd/trans2.c:get_lanman2_dir_entry(1197) get_lanman2_dir_entry found ./cosec fname=cosec [2007/01/04 16:05:20, 10] smbd/trans2.c:get_lanman2_dir_entry(1340) get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2findfirst(1828) call_trans2findfirst - (2) closing dptr_num 256 [2007/01/04 16:05:20, 4] smbd/dir.c:dptr_close_internal(239) closing dptr key 256 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=512 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [010] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [020] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [030] 3E 1E 1D C7 01 00 00 00 00 00 00 00 00 00 00 00 >....... ........ [040] 00 00 00 00 00 10 00 00 00 0A 00 00 00 00 00 00 ........ ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 00 00 00 63 00 6F 00 73 ........ ...c.o.s [070] 00 65 00 63 00 .e.c. [2007/01/04 16:05:20, 4] smbd/trans2.c:call_trans2findfirst(1864) SMBtrans2 mask=cosec directory=./ dirtype=22 numentries=1 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 9 of length 120 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=576 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=576 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 10 of length 120 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=640 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=640 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 11 of length 120 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=704 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=704 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 126 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7e [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 12 of length 130 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=126 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=768 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=10240 (0x2800) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=32768 (0x8000) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=43 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 62 00 69 00 74 00 73 00 6D 00 62 00 5C .\.b.i.t .s.m.b.\ [010] 00 67 00 72 00 6F 00 75 00 70 00 73 00 5C 00 63 .g.r.o.u .p.s.\.c [020] 00 6F 00 73 00 65 00 63 00 00 00 .o.s.e.c ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x10, access_mask = 0x100080 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/dosmode.c:unix_mode(147) unix_mode(cosec) returning 0744 [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1144) open_file_ntcreate: fname=cosec, dos_attrs=0x80 access_mask=0x100080 share_access=0x3 create_disposition = 0x1 create_options=0x200000 unix mode=0744 oplock_request=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1306) open_file_ntcreate: fname=cosec, after mapping access_mask=0x100080 [2007/01/04 16:05:20, 5] smbd/files.c:file_new(126) allocated file structure 8938, fnum = 13034 (1 used) [2007/01/04 16:05:20, 4] smbd/open.c:open_file_ntcreate(1545) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x100080, open_access_mask = 0x100080 [2007/01/04 16:05:20, 5] smbd/files.c:file_free(448) freed files structure 13034 (0 used) [2007/01/04 16:05:20, 5] smbd/open.c:open_directory(1866) open_directory: opening directory cosec, access_mask = 0x100080, share_access = 0x3 create_options = 0x200000, create_disposition = 0x1 [2007/01/04 16:05:20, 5] smbd/files.c:file_new(126) allocated file structure 8939, fnum = 13035 (1 used) [2007/01/04 16:05:20, 10] locking/locking.c:unparse_share_modes(654) unparse_share_modes: del: 0, initial del 0, tok = 0, num: 1 [2007/01/04 16:05:20, 10] locking/locking.c:print_share_mode_table(473) print_share_mode_table: share_mode_entry[0]: pid = 27450, share_access = 0x3, private_options = 0x200000, access_mask = 0x100080, mid = 0x0, type= 0x0, file_id = 2, uid = 50159, dev = 0xfd03, inode = 105496578 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 5] smbd/nttrans.c:reply_ntcreate_and_X(905) reply_ntcreate_and_X: fnum = 13035, open name = cosec [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=768 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=60160 (0xEB00) smb_vwv[ 3]= 306 (0x132) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]= 936 (0x3A8) smb_vwv[ 7]= 7742 (0x1E3E) smb_vwv[ 8]=50973 (0xC71D) smb_vwv[ 9]= 1 (0x1) smb_vwv[10]=16310 (0x3FB6) smb_vwv[11]= 4532 (0x11B4) smb_vwv[12]=50992 (0xC730) smb_vwv[13]=32769 (0x8001) smb_vwv[14]= 936 (0x3A8) smb_vwv[15]= 7742 (0x1E3E) smb_vwv[16]=50973 (0xC71D) smb_vwv[17]=32769 (0x8001) smb_vwv[18]= 936 (0x3A8) smb_vwv[19]= 7742 (0x1E3E) smb_vwv[20]=50973 (0xC71D) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 1792 (0x700) smb_vwv[33]= 256 (0x100) smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 13 of length 120 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=832 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EE 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1006 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 10] locking/locking.c:parse_share_modes(501) parse_share_modes: delete_on_close: 0, initial_delete_on_close: 0, num_share_modes: 1 [2007/01/04 16:05:20, 10] locking/locking.c:parse_share_modes(594) parse_share_modes: share_mode_entry[0]: pid = 27450, share_access = 0x3, private_options = 0x200000, access_mask = 0x100080, mid = 0x0, type= 0x0, file_id = 2, uid = 50159, dev = 0xfd03, inode = 105496578 [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1006 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3299) call_trans2qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=832 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 02 C0 49 06 03 FD 00 00 .......I ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 84 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x54 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 14 of length 88 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=896 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 64 (0x40) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 168 (0xA8) smb_vwv[20]= 9 (0x9) smb_vwv[21]=13035 (0x32EB) smb_vwv[22]= 1 (0x1) smb_bcc=3 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBnttrans (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 10] smbd/nttrans.c:reply_nttrans(2950) reply_nttrans: state->setup_count = 8 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] A8 00 09 00 EB 32 01 00 .....2.. [2007/01/04 16:05:20, 10] smbd/nttrans.c:call_nt_transact_ioctl(2119) call_nt_transact_ioctl: function[0x000900A8] FID[0x32EB] isFSctl[0x01] compfilter[0x00] [2007/01/04 16:05:20, 10] smbd/nttrans.c:call_nt_transact_ioctl(2150) FSCTL_GET_REPARSE_POINT: called on FID[0x32EB](but not implemented) [2007/01/04 16:05:20, 3] smbd/error.c:error_packet(146) error packet at smbd/nttrans.c(90) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0xa0 smb_rcls=117 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=896 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 15 of length 45 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=960 smt_wct=3 smb_vwv[ 0]=13035 (0x32EB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/reply.c:reply_close(3298) close directory fnum=13035 [2007/01/04 16:05:20, 10] locking/locking.c:parse_share_modes(501) parse_share_modes: delete_on_close: 0, initial_delete_on_close: 0, num_share_modes: 1 [2007/01/04 16:05:20, 10] locking/locking.c:parse_share_modes(594) parse_share_modes: share_mode_entry[0]: pid = 27450, share_access = 0x3, private_options = 0x200000, access_mask = 0x100080, mid = 0x0, type= 0x0, file_id = 2, uid = 50159, dev = 0xfd03, inode = 105496578 [2007/01/04 16:05:20, 5] smbd/files.c:file_free(448) freed files structure 13035 (0 used) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=960 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x68 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 16 of length 108 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=104 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1024 smt_wct=15 smb_vwv[ 0]= 36 (0x24) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 36 (0x24) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=39 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 00 00 .p.s... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "" [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(137) conversion finished "" -> . [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: . [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Fri Apr 21 12:26:43 2006 access: Thu Jan 4 16:04:55 2007 write: Fri Apr 21 12:26:43 2006 change: Fri Apr 21 12:26:43 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1024 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 33 7C 15 2E 65 C6 01 80 C5 44 ......3| ..e....D [010] B1 11 30 C7 01 80 33 7C 15 2E 65 C6 01 80 33 7C ..0...3| ..e...3| [020] 15 2E 65 C6 01 10 00 00 00 00 00 00 00 ..e..... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 70 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x46 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 17 of length 74 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1088 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 05 01 ..... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfsinfo(2167) call_trans2qfsinfo: level = 261 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 (0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 2B 00 00 00 FF 00 00 00 08 00 00 00 4E 00 54 .+...... .....N.T [010] 00 46 00 53 00 .F.S. [2007/01/04 16:05:20, 4] smbd/trans2.c:call_trans2qfsinfo(2508) SMBtrans2 info_level = 261 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 18 of length 120 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1152 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1152 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7c [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 19 of length 128 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=124 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1216 smt_wct=15 smb_vwv[ 0]= 56 (0x38) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 56 (0x38) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=59 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 2E 00 64 00 6C 00 6C 00 00 00 ...d.l.l ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec.dll. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec.dll [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec.dll [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec.dll" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [COSEC.DLL] [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = cosec.dll, dirpath = , start = cosec.dll [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(335) New file cosec.dll [2007/01/04 16:05:20, 5] smbd/msdfs.c:is_msdfs_link(269) is_msdfs_link: cosec.dll does not exist. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec.dll. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec.dll [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec.dll" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [COSEC.DLL] [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = cosec.dll, dirpath = , start = cosec.dll [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(335) New file cosec.dll [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2933) call_trans2qfilepathinfo: SMB_VFS_STAT of cosec.dll failed (No such file or directory) [2007/01/04 16:05:20, 10] smbd/trans2.c:set_bad_path_error(2673) set_bad_path_error: err = 2 bad_path = 0 [2007/01/04 16:05:20, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2679) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1216 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7c [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 20 of length 128 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=124 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1280 smt_wct=15 smb_vwv[ 0]= 56 (0x38) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 56 (0x38) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=59 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 2E 00 64 00 6C 00 6C 00 00 00 ...d.l.l ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec.dll. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec.dll [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec.dll [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec.dll" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [COSEC.DLL] [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = cosec.dll, dirpath = , start = cosec.dll [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(335) New file cosec.dll [2007/01/04 16:05:20, 5] smbd/msdfs.c:is_msdfs_link(269) is_msdfs_link: cosec.dll does not exist. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec.dll. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec.dll [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec.dll" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [COSEC.DLL] [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = cosec.dll, dirpath = , start = cosec.dll [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled cosec.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component cosec.dll (len 9) ? [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(335) New file cosec.dll [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2933) call_trans2qfilepathinfo: SMB_VFS_STAT of cosec.dll failed (No such file or directory) [2007/01/04 16:05:20, 10] smbd/trans2.c:set_bad_path_error(2673) set_bad_path_error: err = 2 bad_path = 0 [2007/01/04 16:05:20, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2679) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1280 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 21 of length 120 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1344 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1344 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 126 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7e [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 22 of length 130 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=126 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1408 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=10240 (0x2800) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=43 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 62 00 69 00 74 00 73 00 6D 00 62 00 5C .\.b.i.t .s.m.b.\ [010] 00 67 00 72 00 6F 00 75 00 70 00 73 00 5C 00 63 .g.r.o.u .p.s.\.c [020] 00 6F 00 73 00 65 00 63 00 00 00 .o.s.e.c ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/dosmode.c:unix_mode(147) unix_mode(cosec) returning 0744 [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1144) open_file_ntcreate: fname=cosec, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1306) open_file_ntcreate: fname=cosec, after mapping access_mask=0x20089 [2007/01/04 16:05:20, 5] smbd/files.c:file_new(126) allocated file structure 8940, fnum = 13036 (1 used) [2007/01/04 16:05:20, 4] smbd/open.c:open_file_ntcreate(1545) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2007/01/04 16:05:20, 10] smbd/open.c:fd_open(56) fd_open: name cosec, flags = 00 mode = 0744, fd = -1. Permission denied [2007/01/04 16:05:20, 3] smbd/open.c:open_file(278) Error opening file cosec (Permission denied) (local_flags=0) (flags=0) [2007/01/04 16:05:20, 5] smbd/files.c:file_free(448) freed files structure 13036 (0 used) [2007/01/04 16:05:20, 10] smbd/trans2.c:set_bad_path_error(2673) set_bad_path_error: err = 13 bad_path = 0 [2007/01/04 16:05:20, 3] smbd/error.c:unix_error_packet(90) unix_error_packet: error string = Permission denied [2007/01/04 16:05:20, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2682) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1408 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 126 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7e [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 23 of length 130 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=126 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1472 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=10240 (0x2800) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=43 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 62 00 69 00 74 00 73 00 6D 00 62 00 5C .\.b.i.t .s.m.b.\ [010] 00 67 00 72 00 6F 00 75 00 70 00 73 00 5C 00 63 .g.r.o.u .p.s.\.c [020] 00 6F 00 73 00 65 00 63 00 00 00 .o.s.e.c ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/dosmode.c:unix_mode(147) unix_mode(cosec) returning 0744 [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1144) open_file_ntcreate: fname=cosec, dos_attrs=0x80 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1306) open_file_ntcreate: fname=cosec, after mapping access_mask=0x20089 [2007/01/04 16:05:20, 5] smbd/files.c:file_new(126) allocated file structure 8941, fnum = 13037 (1 used) [2007/01/04 16:05:20, 4] smbd/open.c:open_file_ntcreate(1545) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2007/01/04 16:05:20, 10] smbd/open.c:fd_open(56) fd_open: name cosec, flags = 00 mode = 0744, fd = -1. Permission denied [2007/01/04 16:05:20, 3] smbd/open.c:open_file(278) Error opening file cosec (Permission denied) (local_flags=0) (flags=0) [2007/01/04 16:05:20, 5] smbd/files.c:file_free(448) freed files structure 13037 (0 used) [2007/01/04 16:05:20, 10] smbd/trans2.c:set_bad_path_error(2673) set_bad_path_error: err = 13 bad_path = 0 [2007/01/04 16:05:20, 3] smbd/error.c:unix_error_packet(90) unix_error_packet: error string = Permission denied [2007/01/04 16:05:20, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2682) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1472 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 126 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7e [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 24 of length 130 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=126 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1536 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=10240 (0x2800) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=43 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 62 00 69 00 74 00 73 00 6D 00 62 00 5C .\.b.i.t .s.m.b.\ [010] 00 67 00 72 00 6F 00 75 00 70 00 73 00 5C 00 63 .g.r.o.u .p.s.\.c [020] 00 6F 00 73 00 65 00 63 00 00 00 .o.s.e.c ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x0, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/dosmode.c:unix_mode(147) unix_mode(cosec) returning 0744 [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1144) open_file_ntcreate: fname=cosec, dos_attrs=0x80 access_mask=0x20089 share_access=0x0 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1306) open_file_ntcreate: fname=cosec, after mapping access_mask=0x20089 [2007/01/04 16:05:20, 5] smbd/files.c:file_new(126) allocated file structure 8942, fnum = 13038 (1 used) [2007/01/04 16:05:20, 4] smbd/open.c:open_file_ntcreate(1545) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2007/01/04 16:05:20, 10] smbd/open.c:fd_open(56) fd_open: name cosec, flags = 00 mode = 0744, fd = -1. Permission denied [2007/01/04 16:05:20, 3] smbd/open.c:open_file(278) Error opening file cosec (Permission denied) (local_flags=0) (flags=0) [2007/01/04 16:05:20, 5] smbd/files.c:file_free(448) freed files structure 13038 (0 used) [2007/01/04 16:05:20, 10] smbd/trans2.c:set_bad_path_error(2673) set_bad_path_error: err = 13 bad_path = 0 [2007/01/04 16:05:20, 3] smbd/error.c:unix_error_packet(90) unix_error_packet: error string = Permission denied [2007/01/04 16:05:20, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2682) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1536 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 180 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xb4 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 83 of length 184 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=180 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=23296 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=24064 (0x5E00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=97 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 62 00 69 00 74 00 73 00 6D 00 62 00 2E .\.b.i.t .s.m.b.. [010] 00 62 00 69 00 74 00 2E 00 75 00 6E 00 69 00 2D .b.i.t.. .u.n.i.- [020] 00 62 00 6F 00 6E 00 6E 00 2E 00 64 00 65 00 5C .b.o.n.n ...d.e.\ [030] 00 68 00 6F 00 6D 00 65 00 73 00 5C 00 74 00 68 .h.o.m.e .s.\.t.h [040] 00 69 00 65 00 6C 00 74 00 5C 00 72 00 73 00 68 .i.e.l.t .\.r.s.h [050] 00 78 00 33 00 32 00 2E 00 64 00 6C 00 6C 00 00 .x.3.2.. .d.l.l.. [060] 00 . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27409) conn 0x555555b97370 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb.bit.uni-bonn.de/homes/thielt/rshx32.dll. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb.bit.uni-bonn.de [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: homes [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: thielt/rshx32.dll [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/homes req_path = thielt/rshx32.dll [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "thielt/rshx32.dll" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [THIELT/RSHX32.DLL] [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [THIELT] -> [thielt] [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = thielt/rshx32.dll, dirpath = thielt, start = rshx32.dll [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled rshx32.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component rshx32.dll (len 10) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled rshx32.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component rshx32.dll (len 10) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled rshx32.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component rshx32.dll (len 10) ? [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(335) New file rshx32.dll [2007/01/04 16:05:20, 5] smbd/msdfs.c:is_msdfs_link(269) is_msdfs_link: thielt/rshx32.dll does not exist. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb.bit.uni-bonn.de/homes/thielt/rshx32.dll. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path thielt/rshx32.dll [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "thielt/rshx32.dll" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [THIELT/RSHX32.DLL] [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [THIELT] -> [thielt] [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = thielt/rshx32.dll, dirpath = thielt, start = rshx32.dll [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled rshx32.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component rshx32.dll (len 10) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled rshx32.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component rshx32.dll (len 10) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled rshx32.dll ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component rshx32.dll (len 10) ? [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(335) New file rshx32.dll [2007/01/04 16:05:20, 3] smbd/dosmode.c:unix_mode(147) unix_mode(thielt/rshx32.dll) returning 0744 [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1144) open_file_ntcreate: fname=thielt/rshx32.dll, dos_attrs=0x80 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 [2007/01/04 16:05:20, 5] smbd/open.c:open_file_ntcreate(1220) open_file_ntcreate: FILE_OPEN requested for file thielt/rshx32.dll and file doesn't exist. [2007/01/04 16:05:20, 10] smbd/trans2.c:set_bad_path_error(2673) set_bad_path_error: err = 2 bad_path = 0 [2007/01/04 16:05:20, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2679) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=23296 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 25 of length 120 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1600 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1600 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 70 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x46 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 26 of length 74 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1664 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 05 01 ..... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfsinfo(2167) call_trans2qfsinfo: level = 261 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1664 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 (0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 2B 00 00 00 FF 00 00 00 08 00 00 00 4E 00 54 .+...... .....N.T [010] 00 46 00 53 00 .F.S. [2007/01/04 16:05:20, 4] smbd/trans2.c:call_trans2qfsinfo(2508) SMBtrans2 info_level = 261 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 126 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7e [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 27 of length 130 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=126 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1728 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=10240 (0x2800) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 3584 (0xE00) smb_vwv[ 9]= 1 (0x1) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=43 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 62 00 69 00 74 00 73 00 6D 00 62 00 5C .\.b.i.t .s.m.b.\ [010] 00 67 00 72 00 6F 00 75 00 70 00 73 00 5C 00 63 .g.r.o.u .p.s.\.c [020] 00 6F 00 73 00 65 00 63 00 00 00 .o.s.e.c ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x10, access_mask = 0x10e0000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/dosmode.c:unix_mode(147) unix_mode(cosec) returning 0744 [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1144) open_file_ntcreate: fname=cosec, dos_attrs=0x0 access_mask=0x10e0000 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/open.c:open_file_ntcreate(1306) open_file_ntcreate: fname=cosec, after mapping access_mask=0x10e0000 [2007/01/04 16:05:20, 5] smbd/files.c:file_new(126) allocated file structure 8943, fnum = 13039 (1 used) [2007/01/04 16:05:20, 4] smbd/open.c:open_file_ntcreate(1545) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x10e0000, open_access_mask = 0x10e0000 [2007/01/04 16:05:20, 5] smbd/files.c:file_free(448) freed files structure 13039 (0 used) [2007/01/04 16:05:20, 5] smbd/open.c:open_directory(1866) open_directory: opening directory cosec, access_mask = 0x10e0000, share_access = 0x3 create_options = 0x0, create_disposition = 0x1 [2007/01/04 16:05:20, 5] smbd/files.c:file_new(126) allocated file structure 8944, fnum = 13040 (1 used) [2007/01/04 16:05:20, 10] locking/locking.c:unparse_share_modes(654) unparse_share_modes: del: 0, initial del 0, tok = 0, num: 1 [2007/01/04 16:05:20, 10] locking/locking.c:print_share_mode_table(473) print_share_mode_table: share_mode_entry[0]: pid = 27450, share_access = 0x3, private_options = 0x0, access_mask = 0x10e0000, mid = 0x0, type= 0x0, file_id = 7, uid = 50159, dev = 0xfd03, inode = 105496578 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 5] smbd/nttrans.c:reply_ntcreate_and_X(905) reply_ntcreate_and_X: fnum = 13040, open name = cosec [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1728 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=61440 (0xF000) smb_vwv[ 3]= 306 (0x132) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]= 936 (0x3A8) smb_vwv[ 7]= 7742 (0x1E3E) smb_vwv[ 8]=50973 (0xC71D) smb_vwv[ 9]= 1 (0x1) smb_vwv[10]=16310 (0x3FB6) smb_vwv[11]= 4532 (0x11B4) smb_vwv[12]=50992 (0xC730) smb_vwv[13]=32769 (0x8001) smb_vwv[14]= 936 (0x3A8) smb_vwv[15]= 7742 (0x1E3E) smb_vwv[16]=50973 (0xC71D) smb_vwv[17]=32769 (0x8001) smb_vwv[18]= 936 (0x3A8) smb_vwv[19]= 7742 (0x1E3E) smb_vwv[20]=50973 (0xC71D) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 1792 (0x700) smb_vwv[33]= 256 (0x100) smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 72 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x48 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 28 of length 76 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1792 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 F0 32 EE 03 ....2.. [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2852) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2007/01/04 16:05:20, 10] locking/locking.c:parse_share_modes(501) parse_share_modes: delete_on_close: 0, initial_delete_on_close: 0, num_share_modes: 1 [2007/01/04 16:05:20, 10] locking/locking.c:parse_share_modes(594) parse_share_modes: share_mode_entry[0]: pid = 27450, share_access = 0x3, private_options = 0x0, access_mask = 0x10e0000, mid = 0x0, type= 0x0, file_id = 7, uid = 50159, dev = 0xfd03, inode = 105496578 [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = 13040) level=1006 call=7 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3299) call_trans2qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=1792 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 02 C0 49 06 03 FD 00 00 .......I ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 29 of length 45 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1856 smt_wct=3 smb_vwv[ 0]=13040 (0x32F0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/reply.c:reply_close(3298) close directory fnum=13040 [2007/01/04 16:05:20, 10] locking/locking.c:parse_share_modes(501) parse_share_modes: delete_on_close: 0, initial_delete_on_close: 0, num_share_modes: 1 [2007/01/04 16:05:20, 10] locking/locking.c:parse_share_modes(594) parse_share_modes: share_mode_entry[0]: pid = 27450, share_access = 0x3, private_options = 0x0, access_mask = 0x10e0000, mid = 0x0, type= 0x0, file_id = 7, uid = 50159, dev = 0xfd03, inode = 105496578 [2007/01/04 16:05:20, 5] smbd/files.c:file_free(448) freed files structure 13040 (0 used) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1856 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 78 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x4e [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 30 of length 82 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=78 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=1920 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 78 (0x4E) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=35 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 5C 00 42 00 49 00 54 00 53 00 4D 00 42 .\.\.B.I .T.S.M.B [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? [020] 3F 3F 00 ??. [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 27450) conn 0x0 [2007/01/04 16:05:20, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:20, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/01/04 16:05:20, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] for share [IPC$] [2007/01/04 16:05:20, 5] smbd/service.c:make_connection(1125) making a connection to 'normal' service ipc$ [2007/01/04 16:05:20, 10] smbd/share_access.c:user_ok_token(229) user_ok_token: share IPC$ is ok for unix user BIT+thielt [2007/01/04 16:05:20, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user BIT+thielt [2007/01/04 16:05:20, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is bit+thielt [2007/01/04 16:05:20, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [BIT+thielt]! [2007/01/04 16:05:20, 10] smbd/service.c:set_conn_connectpath(122) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2007/01/04 16:05:20, 3] smbd/service.c:make_connection_snum(761) Connect path is '/var/tmp' for service [IPC$] [2007/01/04 16:05:20, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2007/01/04 16:05:20, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/01/04 16:05:20, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:20, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:20, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2007/01/04 16:05:20, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2007/01/04 16:05:20, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks [2007/01/04 16:05:20, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2007/01/04 16:05:20, 10] smbd/share_access.c:user_ok_token(229) user_ok_token: share IPC$ is ok for unix user BIT+thielt [2007/01/04 16:05:20, 10] smbd/share_access.c:is_share_read_only_for_token(271) is_share_read_only_for_user: share IPC$ is read-only for unix user BIT+thielt [2007/01/04 16:05:20, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2007/01/04 16:05:20, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/01/04 16:05:20, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:20, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:20, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2007/01/04 16:05:20, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2007/01/04 16:05:20, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-184648075-2325076591-520604876-1344 contains 8 SIDs SID[ 0]: S-1-5-21-184648075-2325076591-520604876-1344 SID[ 1]: S-1-5-21-184648075-2325076591-520604876-1923 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-184648075-2325076591-520604876-513 SID[ 6]: S-1-5-21-184648075-2325076591-520604876-1296 SID[ 7]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 50159 Primary group is 50000 and contains 4 supplementary groups Group[ 0]: 50037 Group[ 1]: 50000 Group[ 2]: 50018 Group[ 3]: 50041 [2007/01/04 16:05:20, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(50159,50159) gid=(0,50000) [2007/01/04 16:05:20, 3] smbd/service.c:make_connection_snum(950) sgbitla-02 (131.220.149.9) connect to service IPC$ initially as user BIT+thielt (uid=50159, gid=50000) (pid 27450) [2007/01/04 16:05:20, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:20, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/01/04 16:05:20, 2] smbd/reply.c:reply_tcon_and_X(711) Serving IPC$ as a Dfs root [2007/01/04 16:05:20, 3] smbd/reply.c:reply_tcon_and_X(716) tconX service=IPC$ [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=1920 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=7 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 49 50 43 00 00 00 00 IPC.... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 31 of length 104 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=1984 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-184648075-2325076591-520604876-1344 contains 8 SIDs SID[ 0]: S-1-5-21-184648075-2325076591-520604876-1344 SID[ 1]: S-1-5-21-184648075-2325076591-520604876-1923 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-184648075-2325076591-520604876-513 SID[ 6]: S-1-5-21-184648075-2325076591-520604876-1296 SID[ 7]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 50159 Primary group is 50000 and contains 4 supplementary groups Group[ 0]: 50037 Group[ 1]: 50000 Group[ 2]: 50018 Group[ 3]: 50041 [2007/01/04 16:05:20, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(50159,50159) gid=(0,50000) [2007/01/04 16:05:20, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /var/tmp [2007/01/04 16:05:20, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:20, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2007/01/04 16:05:20, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2007/01/04 16:05:20, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2007/01/04 16:05:20, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=0) [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 748a (pipes_open=1) [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=748a [2007/01/04 16:05:20, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=1984 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=35328 (0x8A00) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 32 of length 140 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2048 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29834 (0x748A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9... .....O.. [030] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748a [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748a (pipes_open=1) [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748a name: lsarpc open: Yes len: 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 3919286a [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : b10c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 11d0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 9b a8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 00 c0 4f d9 2e f5 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000000 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2007/01/04 16:05:20, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:20, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/01/04 16:05:20, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=748a nwritten=72 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2048 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 33 of length 63 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29834 (0x748A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748a [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748a (pipes_open=1) [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748a name: lsarpc len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/01/04 16:05:20, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=748a min=1024 max=1024 nread=68 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 110 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x6e [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 34 of length 114 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=110 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2176 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29834 (0x748A) smb_bcc=43 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 1A 00 00 00 01 00 00 ........ ........ [020] 00 02 00 00 00 00 00 00 00 01 00 ........ ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=26 params=0 setup=2 [2007/01/04 16:05:20, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:20, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:20, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748a [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748a (pipes_open=1) [2007/01/04 16:05:20, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 748a) [2007/01/04 16:05:20, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b8da30 max_trans_reply: 1024 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748a name: lsarpc open: Yes len: 26 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 26 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 10 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 001a [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 10 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000002 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 79 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/01/04 16:05:20, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x0 - unknown [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 23 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0020 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(793) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c reserved: 00000000 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 10 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748a name: lsarpc len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2007/01/04 16:05:20, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2176 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 01 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 35 of length 45 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2240 smt_wct=3 smb_vwv[ 0]=29834 (0x748A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748a [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748a (pipes_open=1) [2007/01/04 16:05:20, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:748a [2007/01/04 16:05:20, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=748a (pipes_open=0) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2240 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 36 of length 104 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2304 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:20, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \winreg. [2007/01/04 16:05:20, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe winreg opening. [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested winreg (pipes_open=0) [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested winreg [2007/01/04 16:05:20, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe winreg [2007/01/04 16:05:20, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe winreg [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe winreg (pipes_open=0) [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe winreg with handle 748b (pipes_open=1) [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name winreg pnum=748b [2007/01/04 16:05:20, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \winreg [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2304 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=35584 (0x8B00) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 37 of length 140 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2368 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29835 (0x748B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748b [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748b (pipes_open=1) [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748b name: winreg open: Yes len: 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 338cd001 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 2244 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 31f1 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : aa aa [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 90 00 38 00 10 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\winreg [2007/01/04 16:05:20, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:20, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:20, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2007/01/04 16:05:20, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2007/01/04 16:05:20, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2007/01/04 16:05:20, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\wkssvc [2007/01/04 16:05:20, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\winreg [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\winreg. [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/01/04 16:05:20, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=748b nwritten=72 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2368 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 38 of length 63 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29835 (0x748B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748b [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748b (pipes_open=1) [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748b name: winreg len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/01/04 16:05:20, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=748b min=1024 max=1024 nread=68 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 120 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x78 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 39 of length 124 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2496 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29835 (0x748B) smb_bcc=53 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 7C F9 F4 02 D8 51 01 ........ .|....Q. [030] 00 00 00 00 02 ..... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=36 params=0 setup=2 [2007/01/04 16:05:20, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:20, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:20, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748b [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748b (pipes_open=1) [2007/01/04 16:05:20, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748b) [2007/01/04 16:05:20, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b564f0 max_trans_reply: 1024 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748b name: winreg open: Yes len: 36 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 36 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0002 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 79 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:20, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2007/01/04 16:05:20, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[3].fn == 0x555555668070 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_hive [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 02f4f97c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 server: 51d8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 access: 02000000 [2007/01/04 16:05:20, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(50159, 50000) : sec_ctx_stack_ndx = 1 [2007/01/04 16:05:20, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2007/01/04 16:05:20, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:20, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:20, 10] registry/reg_db.c:regdb_open(265) regdb_open: refcount reset (1) [2007/01/04 16:05:20, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM] [2007/01/04 16:05:20, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM] [2007/01/04 16:05:20, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM] [2007/01/04 16:05:20, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2007/01/04 16:05:20, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:20, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:20, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_hive [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b0 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 538 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 20 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748b name: winreg len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:20, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2496 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 B0 17 9D 45 3A 6B 00 00 00 00 00 ........ E:k..... [030] 00 . [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 252 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xfc [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 40 of length 256 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=252 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2560 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 168 (0xA8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29835 (0x748B) smb_bcc=185 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 A8 00 00 00 02 00 00 ........ ........ [020] 00 90 00 00 00 00 00 0F 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 B0 17 9D 45 3A 6B 00 00 60 00 60 ........ E:k..`.` [040] 00 68 1D 89 5B 30 00 00 00 00 00 00 00 30 00 00 .h..[0.. .....0.. [050] 00 73 00 79 00 73 00 74 00 65 00 6D 00 5C 00 63 .s.y.s.t .e.m.\.c [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 63 00 6F .u.r.r.e .n.t.c.o [070] 00 6E 00 74 00 72 00 6F 00 6C 00 73 00 65 00 74 .n.t.r.o .l.s.e.t [080] 00 5C 00 63 00 6F 00 6E 00 74 00 72 00 6F 00 6C .\.c.o.n .t.r.o.l [090] 00 5C 00 70 00 72 00 6F 00 64 00 75 00 63 00 74 .\.p.r.o .d.u.c.t [0A0] 00 6F 00 70 00 74 00 69 00 6F 00 6E 00 73 00 00 .o.p.t.i .o.n.s.. [0B0] 00 00 00 00 00 19 00 02 00 ........ . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=168 params=0 setup=2 [2007/01/04 16:05:20, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:20, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:20, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748b [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748b (pipes_open=1) [2007/01/04 16:05:20, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748b) [2007/01/04 16:05:20, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b564f0 max_trans_reply: 1024 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748b name: winreg open: Yes len: 168 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 168 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 152 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 00a8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 152 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 152, incoming data = 152 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000090 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 000f [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:20, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2007/01/04 16:05:20, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[1].fn == 0x555555668280 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_entry [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b0 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 0060 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 0060 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 5b891d68 [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000030 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000030 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : s.y.s.t.e.m.\.c.u.r.r.e.n.t.c.o.n.t.r.o.l.s.e.t.\.c.o.n.t.r.o.l.\.p.r.o.d.u.c.t.o.p.t.i.o.n.s... [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 unknown_0 : 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c access: 00020019 [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (1) [2007/01/04 16:05:20, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:20, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/system/currentcontrolset/control/productoptions] [2007/01/04 16:05:20, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/system/currentcontrolset/control/productoptions] [2007/01/04 16:05:20, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2007/01/04 16:05:20, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00020019, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:20, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:20, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019 [2007/01/04 16:05:20, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (20019) granted. [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_entry [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd handle [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b0 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 656 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 152 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748b name: winreg len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:20, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2560 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 B0 17 9D 45 3A 6B 00 00 00 00 00 ........ E:k..... [030] 00 . [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 200 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xc8 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 41 of length 204 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=200 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2624 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 116 (0x74) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29835 (0x748B) smb_bcc=133 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 74 00 00 00 03 00 00 ........ .t...... [020] 00 5C 00 00 00 00 00 11 00 00 00 00 00 02 00 00 .\...... ........ [030] 00 00 00 00 00 B0 17 9D 45 3A 6B 00 00 18 00 18 ........ E:k..... [040] 00 50 1D 89 5B 0C 00 00 00 00 00 00 00 0C 00 00 .P..[... ........ [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T [060] 00 79 00 70 00 65 00 00 00 D8 F9 F4 02 00 00 00 .y.p.e.. ........ [070] 00 00 00 00 00 D0 F9 F4 02 00 00 00 00 C8 F9 F4 ........ ........ [080] 02 00 00 00 00 ..... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=116 params=0 setup=2 [2007/01/04 16:05:20, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:20, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:20, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748b [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748b (pipes_open=1) [2007/01/04 16:05:20, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748b) [2007/01/04 16:05:20, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b564f0 max_trans_reply: 1024 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748b name: winreg open: Yes len: 116 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 116 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 116 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 100 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 100 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0074 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 100 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 100, incoming data = 100 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000005c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0011 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:20, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2007/01/04 16:05:20, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[10].fn == 0x555555668330 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b0 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 0018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 0018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 5b891d50 [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 ptr_reserved: 02f4f9d8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 ptr_buf: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 unk1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c ptr_buflen: 02f4f9d0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 buflen: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 ptr_buflen2: 02f4f9c8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 buflen2: 00000000 [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) _reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:20, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) _reg_info: policy key type = [00000000] [2007/01/04 16:05:20, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [ProductType] [2007/01/04 16:05:20, 8] registry/reg_frontend.c:fetch_reg_values_specific(283) fetch_reg_values_specific: Initializing cache of values for [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:20, 10] registry/reg_db.c:regdb_fetch_values(563) regdb_fetch_values: Looking for value of key [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:20, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) _reg_info: Testing value [ProductType] [2007/01/04 16:05:20, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) _reg_info: Found match for value [ProductType] [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: f000baaa [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type: 00000001 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 ptr: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr: f000baaa [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 buf_max_len: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ptr: f000baaa [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 buf_len: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_werror(824) 001c status: WERR_OK [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 100 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748b name: winreg len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0038 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000020 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:20, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..56] [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2624 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 AA BA 00 F0 01 00 00 . ...... ........ [020] 00 00 00 00 00 AA BA 00 F0 0C 00 00 00 AA BA 00 ........ ........ [030] F0 0C 00 00 00 00 00 00 00 ........ . [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 212 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xd4 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 42 of length 216 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2688 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29835 (0x748B) smb_bcc=145 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 80 00 00 00 04 00 00 ........ ........ [020] 00 68 00 00 00 00 00 11 00 00 00 00 00 02 00 00 .h...... ........ [030] 00 00 00 00 00 B0 17 9D 45 3A 6B 00 00 18 00 18 ........ E:k..... [040] 00 50 1D 89 5B 0C 00 00 00 00 00 00 00 0C 00 00 .P..[... ........ [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T [060] 00 79 00 70 00 65 00 00 00 D8 F9 F4 02 B0 97 0B .y.p.e.. ........ [070] 00 B0 97 0B 00 0C 00 00 00 00 00 00 00 00 00 00 ........ ........ [080] 00 D0 F9 F4 02 0C 00 00 00 C8 F9 F4 02 00 00 00 ........ ........ [090] 00 . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=128 params=0 setup=2 [2007/01/04 16:05:20, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:20, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:20, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748b [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748b (pipes_open=1) [2007/01/04 16:05:20, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748b) [2007/01/04 16:05:20, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b564f0 max_trans_reply: 1024 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748b name: winreg open: Yes len: 128 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 128 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 112 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0080 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 112 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 112, incoming data = 112 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000068 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0011 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:20, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2007/01/04 16:05:20, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[10].fn == 0x555555668330 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b0 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 0018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 0018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 5b891d50 [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 ptr_reserved: 02f4f9d8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 ptr_buf: 000b97b0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 ptr_bufsize: 000b97b0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c bufsize: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 buf_unk: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 unk1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 ptr_buflen: 02f4f9d0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buflen: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 ptr_buflen2: 02f4f9c8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buflen2: 00000000 [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) _reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:20, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) _reg_info: policy key type = [00000000] [2007/01/04 16:05:20, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [ProductType] [2007/01/04 16:05:20, 8] registry/reg_frontend.c:fetch_reg_values_specific(298) fetch_reg_values_specific: Updating cache of values for [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:20, 10] registry/reg_db.c:regdb_fetch_values(563) regdb_fetch_values: Looking for value of key [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:20, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) _reg_info: Testing value [ProductType] [2007/01/04 16:05:20, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) _reg_info: Found match for value [ProductType] [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: f000baaa [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type: 00000001 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 ptr: f000baaa [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_regval_buffer value [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buf_max_len: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 offset : 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 buf_len : 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0018 buffer : W.i.n.N.T... [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 ptr: f000baaa [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 buf_max_len: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c ptr: f000baaa [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 buf_len: 0000000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_werror(824) 0034 status: WERR_OK [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 96 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 112 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748b name: winreg len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 56. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0050 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000038 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:20, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..80] [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2688 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 50 00 00 00 04 00 00 ........ .P...... [010] 00 38 00 00 00 00 00 00 00 AA BA 00 F0 01 00 00 .8...... ........ [020] 00 AA BA 00 F0 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ [030] 00 57 00 69 00 6E 00 4E 00 54 00 00 00 AA BA 00 .W.i.n.N .T...... [040] F0 0C 00 00 00 AA BA 00 F0 0C 00 00 00 00 00 00 ........ ........ [050] 00 . [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 43 of length 132 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2752 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29835 (0x748B) smb_bcc=61 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 B0 17 9D 45 3A 6B 00 00 ........ E:k.. [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2007/01/04 16:05:20, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:20, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:20, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748b [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748b (pipes_open=1) [2007/01/04 16:05:20, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748b) [2007/01/04 16:05:20, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b564f0 max_trans_reply: 1024 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748b name: winreg open: Yes len: 44 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:20, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2007/01/04 16:05:20, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x555555667fb0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b0 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2007/01/04 16:05:20, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (1) [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748b name: winreg len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:20, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2752 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 44 of length 132 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2816 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29835 (0x748B) smb_bcc=61 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 B0 17 9D 45 3A 6B 00 00 ........ E:k.. [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2007/01/04 16:05:20, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:20, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:20, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748b [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748b (pipes_open=1) [2007/01/04 16:05:20, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748b) [2007/01/04 16:05:20, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b564f0 max_trans_reply: 1024 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748b name: winreg open: Yes len: 44 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000006 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:20, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2007/01/04 16:05:20, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x555555667fb0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b0 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2007/01/04 16:05:20, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (0) [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748b name: winreg len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000006 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:20, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2816 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 45 of length 45 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2880 smt_wct=3 smb_vwv[ 0]=29835 (0x748B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748b [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748b (pipes_open=1) [2007/01/04 16:05:20, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:748b [2007/01/04 16:05:20, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe winreg [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name winreg pnum=748b (pipes_open=0) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2880 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 46 of length 104 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2944 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:20, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2007/01/04 16:05:20, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2007/01/04 16:05:20, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2007/01/04 16:05:20, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=0) [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 748c (pipes_open=1) [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=748c [2007/01/04 16:05:20, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=2944 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=35840 (0x8C00) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 47 of length 140 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3008 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29836 (0x748C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748c [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748c (pipes_open=1) [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748c name: lsarpc open: Yes len: 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345778 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 89 ab [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000000 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2007/01/04 16:05:20, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/01/04 16:05:20, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=748c nwritten=72 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3008 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 48 of length 63 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3072 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29836 (0x748C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748c [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748c (pipes_open=1) [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748c name: lsarpc len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/01/04 16:05:20, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=748c min=1024 max=1024 nread=68 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3072 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 172 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xac [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 49 of length 176 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=3136 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29836 (0x748C) smb_bcc=105 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... [020] 00 40 00 00 00 00 00 2C 00 E8 4F 25 01 09 00 00 .@....., ..O%.... [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 62 00 69 ........ .\.\.b.i [040] 00 74 00 73 00 6D 00 62 00 00 00 C9 11 18 00 00 .t.s.m.b ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 01 00 00 00 ........ . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=88 params=0 setup=2 [2007/01/04 16:05:20, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:20, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:20, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748c [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748c (pipes_open=1) [2007/01/04 16:05:20, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 748c) [2007/01/04 16:05:20, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b565d0 max_trans_reply: 1024 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748c name: lsarpc open: Yes len: 88 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 88 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000040 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 002c [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 79 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/01/04 16:05:20, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x555555661130 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr : 01254fe8 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.b.i.t.s.m.b... [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000022 lsa_io_obj_attr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 len : 00000018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 ptr_root_dir: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c ptr_obj_name: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 attributes : 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 ptr_sec_desc: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 ptr_sec_qos : 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c des_access: 00000001 [2007/01/04 16:05:20, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:20, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:20, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 1 [2007/01/04 16:05:20, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000003 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b0 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 846 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 72 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748c name: lsarpc len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:20, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=3136 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [020] 00 00 00 00 00 B0 17 9D 45 3A 6B 00 00 00 00 00 ........ E:k..... [030] 00 . [2007/01/04 16:05:20, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:20, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 130 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x82 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 50 of length 134 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=3200 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29836 (0x748C) smb_bcc=63 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 03 00 00 ........ ........ [030] 00 00 00 00 00 B0 17 9D 45 3A 6B 00 00 03 00 ........ E:k.... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-184648075-2325076591-520604876-1344 contains 8 SIDs SID[ 0]: S-1-5-21-184648075-2325076591-520604876-1344 SID[ 1]: S-1-5-21-184648075-2325076591-520604876-1923 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-184648075-2325076591-520604876-513 SID[ 6]: S-1-5-21-184648075-2325076591-520604876-1296 SID[ 7]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 50159 Primary group is 50000 and contains 4 supplementary groups Group[ 0]: 50037 Group[ 1]: 50000 Group[ 2]: 50018 Group[ 3]: 50041 [2007/01/04 16:05:20, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(50159,50159) gid=(0,50000) [2007/01/04 16:05:20, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2007/01/04 16:05:20, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:20, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:20, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748c [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748c (pipes_open=1) [2007/01/04 16:05:20, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 748c) [2007/01/04 16:05:20, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b565d0 max_trans_reply: 1024 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748c name: lsarpc open: Yes len: 46 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 46 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002e [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000016 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0007 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/01/04 16:05:20, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2007/01/04 16:05:20, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[2].fn == 0x5555556614f0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000003 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b0 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 info_class: 0003 [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 dom_ptr: 22000000 [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 info_class: 0003 [2007/01/04 16:05:20, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query_3 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 uni_dom_max_len: 0006 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a uni_dom_str_len: 0008 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buffer_dom_name: 00000001 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 buffer_dom_sid : 00000001 [2007/01/04 16:05:20, 8] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 uni_max_len: 00000004 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 offset : 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_str_len: 00000003 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0020 buffer : B.I.T. [2007/01/04 16:05:20, 8] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_dom_sid2 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 num_auths: 00000004 [2007/01/04 16:05:20, 9] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_dom_sid sid [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002c sid_rev_num: 01 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002d num_auths : 04 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002e id_auth[0] : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002f id_auth[1] : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0030 id_auth[2] : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0031 id_auth[3] : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0032 id_auth[4] : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0033 id_auth[5] : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0034 sub_auths : 00000015 0b01818b 8a95da6f 1f07cccc [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0044 status: NT_STATUS_OK [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 8 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748c name: lsarpc len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 72. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0060 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000048 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:20, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..96] [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=3200 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 02 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .H...... ...."... [020] 00 06 00 08 00 01 00 00 00 01 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 03 00 00 00 42 00 49 00 54 00 00 ........ .B.I.T.. [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 8B 81 01 0B 6F DA 95 8A CC CC 07 1F 00 00 00 .....o.. ........ [060] 00 . [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 51 of length 132 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=3264 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29836 (0x748C) smb_bcc=61 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [030] 00 00 00 00 00 B0 17 9D 45 3A 6B 00 00 ........ E:k.. [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2007/01/04 16:05:20, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:20, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:20, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748c [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748c (pipes_open=1) [2007/01/04 16:05:20, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 748c) [2007/01/04 16:05:20, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b565d0 max_trans_reply: 1024 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748c name: lsarpc open: Yes len: 44 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/01/04 16:05:20, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2007/01/04 16:05:20, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[4].fn == 0x555555661980 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000003 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b0 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B0 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:20, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2007/01/04 16:05:20, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/01/04 16:05:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/01/04 16:05:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2007/01/04 16:05:20, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748c name: lsarpc len: 1024 [2007/01/04 16:05:20, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:20, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:20, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=3264 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 52 of length 45 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3328 smt_wct=3 smb_vwv[ 0]=29836 (0x748C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748c [2007/01/04 16:05:20, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748c (pipes_open=1) [2007/01/04 16:05:20, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:748c [2007/01/04 16:05:20, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2007/01/04 16:05:20, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=748c (pipes_open=0) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3328 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 53 of length 120 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3392 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-184648075-2325076591-520604876-1344 contains 8 SIDs SID[ 0]: S-1-5-21-184648075-2325076591-520604876-1344 SID[ 1]: S-1-5-21-184648075-2325076591-520604876-1923 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-184648075-2325076591-520604876-513 SID[ 6]: S-1-5-21-184648075-2325076591-520604876-1296 SID[ 7]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:20, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 50159 Primary group is 50000 and contains 4 supplementary groups Group[ 0]: 50037 Group[ 1]: 50000 Group[ 2]: 50018 Group[ 3]: 50041 [2007/01/04 16:05:20, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(50159,50159) gid=(0,50000) [2007/01/04 16:05:20, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /opt/export/groups [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3392 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 54 of length 120 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3456 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3456 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x68 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 55 of length 108 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=104 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3521 smt_wct=15 smb_vwv[ 0]= 36 (0x24) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 36 (0x24) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=39 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 00 00 .p.s... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "" [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(137) conversion finished "" -> . [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: . [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Fri Apr 21 12:26:43 2006 access: Thu Jan 4 16:05:20 2007 write: Fri Apr 21 12:26:43 2006 change: Fri Apr 21 12:26:43 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3521 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 33 7C 15 2E 65 C6 01 00 78 2B ......3| ..e...x+ [010] C0 11 30 C7 01 80 33 7C 15 2E 65 C6 01 80 33 7C ..0...3| ..e...3| [020] 15 2E 65 C6 01 10 00 00 00 00 00 00 00 ..e..... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 122 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7a [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 56 of length 126 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=122 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3585 smt_wct=15 smb_vwv[ 0]= 54 (0x36) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 54 (0x36) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=57 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [010] 00 62 00 69 00 74 00 73 00 6D 00 62 00 5C 00 67 .b.i.t.s .m.b.\.g [020] 00 72 00 6F 00 75 00 70 00 73 00 5C 00 63 00 6F .r.o.u.p .s.\.c.o [030] 00 73 00 65 00 63 00 00 00 .s.e.c.. . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2findfirst(1662) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16384 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2findfirst(1719) dir=./, mask = cosec [2007/01/04 16:05:20, 5] smbd/dir.c:dptr_create(392) dptr_create dir=./ [2007/01/04 16:05:20, 3] smbd/dir.c:dptr_create(512) creating new dirptr 256 for path ./, expect_close = 1 [2007/01/04 16:05:20, 4] smbd/trans2.c:call_trans2findfirst(1775) dptr_num is 256, wcard = cosec, attr = 22 [2007/01/04 16:05:20, 8] smbd/trans2.c:call_trans2findfirst(1780) dirpath=<./> dontdescend=<> [2007/01/04 16:05:20, 8] smbd/trans2.c:get_lanman2_dir_entry(1110) get_lanman2_dir_entry:readdir on dirptr 0x555555afc020 now at offset -1 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: ./cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 5] smbd/trans2.c:get_lanman2_dir_entry(1197) get_lanman2_dir_entry found ./cosec fname=cosec [2007/01/04 16:05:20, 10] smbd/trans2.c:get_lanman2_dir_entry(1340) get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2findfirst(1828) call_trans2findfirst - (2) closing dptr_num 256 [2007/01/04 16:05:20, 4] smbd/dir.c:dptr_close_internal(239) closing dptr key 256 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3585 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [010] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [020] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [030] 3E 1E 1D C7 01 00 00 00 00 00 00 00 00 00 00 00 >....... ........ [040] 00 00 00 00 00 10 00 00 00 0A 00 00 00 00 00 00 ........ ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 00 00 00 63 00 6F 00 73 ........ ...c.o.s [070] 00 65 00 63 00 .e.c. [2007/01/04 16:05:20, 4] smbd/trans2.c:call_trans2findfirst(1864) SMBtrans2 mask=cosec directory=./ dirtype=22 numentries=1 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x68 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 57 of length 108 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=104 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3649 smt_wct=15 smb_vwv[ 0]= 36 (0x24) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 36 (0x24) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=39 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 00 00 .p.s... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "" [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(137) conversion finished "" -> . [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: . [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Fri Apr 21 12:26:43 2006 access: Thu Jan 4 16:05:20 2007 write: Fri Apr 21 12:26:43 2006 change: Fri Apr 21 12:26:43 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3649 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 33 7C 15 2E 65 C6 01 00 78 2B ......3| ..e...x+ [010] C0 11 30 C7 01 80 33 7C 15 2E 65 C6 01 80 33 7C ..0...3| ..e...3| [020] 15 2E 65 C6 01 10 00 00 00 00 00 00 00 ..e..... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 122 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7a [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 58 of length 126 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=122 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3713 smt_wct=15 smb_vwv[ 0]= 54 (0x36) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 54 (0x36) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=57 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [010] 00 62 00 69 00 74 00 73 00 6D 00 62 00 5C 00 67 .b.i.t.s .m.b.\.g [020] 00 72 00 6F 00 75 00 70 00 73 00 5C 00 63 00 6F .r.o.u.p .s.\.c.o [030] 00 73 00 65 00 63 00 00 00 .s.e.c.. . [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2findfirst(1662) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16384 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2findfirst(1719) dir=./, mask = cosec [2007/01/04 16:05:20, 5] smbd/dir.c:dptr_create(392) dptr_create dir=./ [2007/01/04 16:05:20, 3] smbd/dir.c:dptr_create(512) creating new dirptr 256 for path ./, expect_close = 1 [2007/01/04 16:05:20, 4] smbd/trans2.c:call_trans2findfirst(1775) dptr_num is 256, wcard = cosec, attr = 22 [2007/01/04 16:05:20, 8] smbd/trans2.c:call_trans2findfirst(1780) dirpath=<./> dontdescend=<> [2007/01/04 16:05:20, 8] smbd/trans2.c:get_lanman2_dir_entry(1110) get_lanman2_dir_entry:readdir on dirptr 0x555555ae5810 now at offset -1 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: ./cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 5] smbd/trans2.c:get_lanman2_dir_entry(1197) get_lanman2_dir_entry found ./cosec fname=cosec [2007/01/04 16:05:20, 10] smbd/trans2.c:get_lanman2_dir_entry(1340) get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2findfirst(1828) call_trans2findfirst - (2) closing dptr_num 256 [2007/01/04 16:05:20, 4] smbd/dir.c:dptr_close_internal(239) closing dptr key 256 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3713 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [010] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [020] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [030] 3E 1E 1D C7 01 00 00 00 00 00 00 00 00 00 00 00 >....... ........ [040] 00 00 00 00 00 10 00 00 00 0A 00 00 00 00 00 00 ........ ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 00 00 00 63 00 6F 00 73 ........ ...c.o.s [070] 00 65 00 63 00 .e.c. [2007/01/04 16:05:20, 4] smbd/trans2.c:call_trans2findfirst(1864) SMBtrans2 mask=cosec directory=./ dirtype=22 numentries=1 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 59 of length 120 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3777 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=51 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 EC 03 00 00 00 00 5C 00 62 00 69 00 74 ........ .\.b.i.t [010] 00 73 00 6D 00 62 00 5C 00 67 00 72 00 6F 00 75 .s.m.b.\ .g.r.o.u [020] 00 70 00 73 00 5C 00 63 00 6F 00 73 00 65 00 63 .p.s.\.c .o.s.e.c [030] 00 00 00 ... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = -1) level=1004 call=5 total_data=0 [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:20, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:20, 10] smbd/trans2.c:call_trans2qfilepathinfo(3179) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2qfilepathinfo(3189) SMB_QFBI - create: Mon Dec 11 13:16:53 2006 access: Thu Jan 4 16:05:00 2007 write: Mon Dec 11 13:16:53 2006 change: Mon Dec 11 13:16:53 2006 mode: 10 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/01/04 16:05:20, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3777 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 80 A8 03 3E 1E 1D C7 01 00 B6 3F ........ >......? [010] B4 11 30 C7 01 80 A8 03 3E 1E 1D C7 01 80 A8 03 ..0..... >....... [020] 3E 1E 1D C7 01 10 00 00 00 00 00 00 00 >....... ..... [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:20, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 126 [2007/01/04 16:05:20, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7e [2007/01/04 16:05:20, 3] smbd/process.c:process_smb(1110) Transaction 60 of length 130 [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=126 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3841 smt_wct=15 smb_vwv[ 0]= 58 (0x3A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 58 (0x3A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=61 [2007/01/04 16:05:20, 10] lib/util.c:dump_data(2222) [000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [010] 00 62 00 69 00 74 00 73 00 6D 00 62 00 5C 00 67 .b.i.t.s .m.b.\.g [020] 00 72 00 6F 00 75 00 70 00 73 00 5C 00 63 00 6F .r.o.u.p .s.\.c.o [030] 00 73 00 65 00 63 00 5C 00 2A 00 00 00 .s.e.c.\ .*... [2007/01/04 16:05:20, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:20, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:20, 3] smbd/trans2.c:call_trans2findfirst(1662) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16384 [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec/*. after trimming \'s [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:20, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec/* [2007/01/04 16:05:20, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec/* [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec/*" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [COSEC/*] [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = cosec/*, dirpath = cosec, start = * [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(335) New file * [2007/01/04 16:05:20, 5] smbd/msdfs.c:is_msdfs_link(269) is_msdfs_link: cosec/* does not exist. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec/*. [2007/01/04 16:05:20, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec/* [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec/*" [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [COSEC/*] [2007/01/04 16:05:20, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = cosec/*, dirpath = cosec, start = * [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2007/01/04 16:05:20, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2007/01/04 16:05:20, 5] smbd/filename.c:unix_convert(335) New file * [2007/01/04 16:05:20, 5] smbd/trans2.c:call_trans2findfirst(1719) dir=cosec, mask = * [2007/01/04 16:05:20, 5] smbd/dir.c:dptr_create(392) dptr_create dir=cosec [2007/01/04 16:05:20, 5] smbd/dir.c:OpenDir(1056) OpenDir: Can't open cosec. Permission denied [2007/01/04 16:05:20, 3] smbd/error.c:unix_error_packet(90) unix_error_packet: error string = Permission denied [2007/01/04 16:05:20, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(1772) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED [2007/01/04 16:05:20, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:20, 5] lib/util.c:show_msg(495) size=35 smb_com=0x32 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=3841 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:20, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 61 of length 104 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=3905 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:21, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-184648075-2325076591-520604876-1344 contains 8 SIDs SID[ 0]: S-1-5-21-184648075-2325076591-520604876-1344 SID[ 1]: S-1-5-21-184648075-2325076591-520604876-1923 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-184648075-2325076591-520604876-513 SID[ 6]: S-1-5-21-184648075-2325076591-520604876-1296 SID[ 7]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:21, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 50159 Primary group is 50000 and contains 4 supplementary groups Group[ 0]: 50037 Group[ 1]: 50000 Group[ 2]: 50018 Group[ 3]: 50041 [2007/01/04 16:05:21, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(50159,50159) gid=(0,50000) [2007/01/04 16:05:21, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /var/tmp [2007/01/04 16:05:21, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:21, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2007/01/04 16:05:21, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=0) [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 748d (pipes_open=1) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=748d [2007/01/04 16:05:21, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=3905 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=36096 (0x8D00) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 62 of length 140 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3969 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29837 (0x748D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9... .....O.. [030] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748d [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748d (pipes_open=1) [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748d name: lsarpc open: Yes len: 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 3919286a [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : b10c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 11d0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : 9b a8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 00 c0 4f d9 2e f5 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000000 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/01/04 16:05:21, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=748d nwritten=72 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3969 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 63 of length 63 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4033 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29837 (0x748D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748d [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748d (pipes_open=1) [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748d name: lsarpc len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/01/04 16:05:21, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=748d min=1024 max=1024 nread=68 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4033 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 110 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x6e [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 64 of length 114 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=110 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4097 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29837 (0x748D) smb_bcc=43 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 1A 00 00 00 01 00 00 ........ ........ [020] 00 02 00 00 00 00 00 00 00 01 00 ........ ... [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=26 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748d [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748d (pipes_open=1) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 748d) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b571d0 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748d name: lsarpc open: Yes len: 26 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 26 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 10 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 001a [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 10 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000002 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 79 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x0 - unknown [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 23 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0020 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(793) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c reserved: 00000000 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 10 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748d name: lsarpc len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4097 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 01 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 65 of length 45 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4161 smt_wct=3 smb_vwv[ 0]=29837 (0x748D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748d [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748d (pipes_open=1) [2007/01/04 16:05:21, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:748d [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=748d (pipes_open=0) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4161 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 66 of length 104 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4225 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:21, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \winreg. [2007/01/04 16:05:21, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe winreg opening. [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested winreg (pipes_open=0) [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested winreg [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe winreg [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe winreg [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe winreg (pipes_open=0) [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe winreg with handle 748e (pipes_open=1) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name winreg pnum=748e [2007/01/04 16:05:21, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \winreg [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4225 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=36352 (0x8E00) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 67 of length 140 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4289 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29838 (0x748E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748e [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748e (pipes_open=1) [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748e name: winreg open: Yes len: 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 338cd001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 2244 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 31f1 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : aa aa [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 90 00 38 00 10 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\winreg [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\samr [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\NETLOGON [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\srvsvc [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\wkssvc [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\winreg [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\winreg. [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/01/04 16:05:21, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=748e nwritten=72 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4289 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 68 of length 63 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4353 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29838 (0x748E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748e [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748e (pipes_open=1) [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748e name: winreg len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/01/04 16:05:21, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=748e min=1024 max=1024 nread=68 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4353 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 120 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x78 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 69 of length 124 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4417 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29838 (0x748E) smb_bcc=53 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 50 F0 F4 02 90 50 01 ........ .P....P. [030] 00 00 00 00 02 ..... [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=36 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748e [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748e (pipes_open=1) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748e) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b87270 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748e name: winreg open: Yes len: 36 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 36 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0002 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 79 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[3].fn == 0x555555668070 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_hive [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 02f4f050 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 server: 5090 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 access: 02000000 [2007/01/04 16:05:21, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(50159, 50000) : sec_ctx_stack_ndx = 1 [2007/01/04 16:05:21, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2007/01/04 16:05:21, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/01/04 16:05:21, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/01/04 16:05:21, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/01/04 16:05:21, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:21, 10] registry/reg_db.c:regdb_open(265) regdb_open: refcount reset (1) [2007/01/04 16:05:21, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM] [2007/01/04 16:05:21, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM] [2007/01/04 16:05:21, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM] [2007/01/04 16:05:21, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2007/01/04 16:05:21, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:21, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:21, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_hive [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000004 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 538 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 20 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748e name: winreg len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4417 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ [020] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 00 00 00 ........ E:k..... [030] 00 . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 252 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xfc [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 70 of length 256 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=252 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4481 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 168 (0xA8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29838 (0x748E) smb_bcc=185 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 A8 00 00 00 02 00 00 ........ ........ [020] 00 90 00 00 00 00 00 0F 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 60 00 60 ........ E:k..`.` [040] 00 68 1D 89 5B 30 00 00 00 00 00 00 00 30 00 00 .h..[0.. .....0.. [050] 00 73 00 79 00 73 00 74 00 65 00 6D 00 5C 00 63 .s.y.s.t .e.m.\.c [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 63 00 6F .u.r.r.e .n.t.c.o [070] 00 6E 00 74 00 72 00 6F 00 6C 00 73 00 65 00 74 .n.t.r.o .l.s.e.t [080] 00 5C 00 63 00 6F 00 6E 00 74 00 72 00 6F 00 6C .\.c.o.n .t.r.o.l [090] 00 5C 00 70 00 72 00 6F 00 64 00 75 00 63 00 74 .\.p.r.o .d.u.c.t [0A0] 00 6F 00 70 00 74 00 69 00 6F 00 6E 00 73 00 00 .o.p.t.i .o.n.s.. [0B0] 00 00 00 00 00 19 00 02 00 ........ . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=168 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748e [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748e (pipes_open=1) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748e) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b87270 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748e name: winreg open: Yes len: 168 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 168 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 152 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 00a8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 152 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 152, incoming data = 152 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000090 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 000f [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[1].fn == 0x555555668280 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_entry [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000004 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 0060 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 0060 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 5b891d68 [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000030 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000030 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : s.y.s.t.e.m.\.c.u.r.r.e.n.t.c.o.n.t.r.o.l.s.e.t.\.c.o.n.t.r.o.l.\.p.r.o.d.u.c.t.o.p.t.i.o.n.s... [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 unknown_0 : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c access: 00020019 [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (1) [2007/01/04 16:05:21, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:21, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/system/currentcontrolset/control/productoptions] [2007/01/04 16:05:21, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/system/currentcontrolset/control/productoptions] [2007/01/04 16:05:21, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2007/01/04 16:05:21, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00020019, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:21, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:21, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019 [2007/01/04 16:05:21, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (20019) granted. [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 05 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_entry [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd handle [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000005 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 656 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 152 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748e name: winreg len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4481 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ........ ........ [020] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 00 00 00 ........ E:k..... [030] 00 . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 200 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xc8 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 71 of length 204 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=200 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4545 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 116 (0x74) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29838 (0x748E) smb_bcc=133 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 74 00 00 00 03 00 00 ........ .t...... [020] 00 5C 00 00 00 00 00 11 00 00 00 00 00 05 00 00 .\...... ........ [030] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 18 00 18 ........ E:k..... [040] 00 50 1D 89 5B 0C 00 00 00 00 00 00 00 0C 00 00 .P..[... ........ [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T [060] 00 79 00 70 00 65 00 00 00 AC F0 F4 02 00 00 00 .y.p.e.. ........ [070] 00 00 00 00 00 A4 F0 F4 02 00 00 00 00 9C F0 F4 ........ ........ [080] 02 00 00 00 00 ..... [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=116 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748e [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748e (pipes_open=1) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748e) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b87270 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748e name: winreg open: Yes len: 116 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 116 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 116 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 100 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 100 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0074 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 100 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 100, incoming data = 100 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000005c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0011 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[10].fn == 0x555555668330 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000005 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 0018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 0018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 5b891d50 [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 ptr_reserved: 02f4f0ac [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 ptr_buf: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 unk1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c ptr_buflen: 02f4f0a4 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 buflen: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 ptr_buflen2: 02f4f09c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 buflen2: 00000000 [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) _reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:21, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) _reg_info: policy key type = [00000000] [2007/01/04 16:05:21, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [ProductType] [2007/01/04 16:05:21, 8] registry/reg_frontend.c:fetch_reg_values_specific(298) fetch_reg_values_specific: Updating cache of values for [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:21, 10] registry/reg_db.c:regdb_fetch_values(563) regdb_fetch_values: Looking for value of key [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:21, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) _reg_info: Testing value [ProductType] [2007/01/04 16:05:21, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) _reg_info: Found match for value [ProductType] [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: f000baaa [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type: 00000001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 ptr: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr: f000baaa [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 buf_max_len: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ptr: f000baaa [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 buf_len: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_werror(824) 001c status: WERR_OK [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 100 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748e name: winreg len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0038 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000020 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..56] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4545 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 AA BA 00 F0 01 00 00 . ...... ........ [020] 00 00 00 00 00 AA BA 00 F0 0C 00 00 00 AA BA 00 ........ ........ [030] F0 0C 00 00 00 00 00 00 00 ........ . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 212 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xd4 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 72 of length 216 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4609 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29838 (0x748E) smb_bcc=145 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 80 00 00 00 04 00 00 ........ ........ [020] 00 68 00 00 00 00 00 11 00 00 00 00 00 05 00 00 .h...... ........ [030] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 18 00 18 ........ E:k..... [040] 00 50 1D 89 5B 0C 00 00 00 00 00 00 00 0C 00 00 .P..[... ........ [050] 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 54 .P.r.o.d .u.c.t.T [060] 00 79 00 70 00 65 00 00 00 AC F0 F4 02 30 22 19 .y.p.e.. .....0". [070] 00 30 22 19 00 0C 00 00 00 00 00 00 00 00 00 00 .0"..... ........ [080] 00 A4 F0 F4 02 0C 00 00 00 9C F0 F4 02 00 00 00 ........ ........ [090] 00 . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=128 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748e [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748e (pipes_open=1) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748e) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b87270 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748e name: winreg open: Yes len: 128 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 128 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 112 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0080 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 112 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 112, incoming data = 112 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000068 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0011 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[10].fn == 0x555555668330 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000005 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 0018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 0018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 5b891d50 [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : P.r.o.d.u.c.t.T.y.p.e... [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 ptr_reserved: 02f4f0ac [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 ptr_buf: 00192230 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 ptr_bufsize: 00192230 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c bufsize: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 buf_unk: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 unk1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 ptr_buflen: 02f4f0a4 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buflen: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 ptr_buflen2: 02f4f09c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buflen2: 00000000 [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) _reg_info: policy key name = [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:21, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) _reg_info: policy key type = [00000000] [2007/01/04 16:05:21, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [ProductType] [2007/01/04 16:05:21, 8] registry/reg_frontend.c:fetch_reg_values_specific(298) fetch_reg_values_specific: Updating cache of values for [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:21, 10] registry/reg_db.c:regdb_fetch_values(563) regdb_fetch_values: Looking for value of key [HKLM\system\currentcontrolset\control\productoptions] [2007/01/04 16:05:21, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) _reg_info: Testing value [ProductType] [2007/01/04 16:05:21, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) _reg_info: Found match for value [ProductType] [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: f000baaa [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type: 00000001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 ptr: f000baaa [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_regval_buffer value [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buf_max_len: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 offset : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 buf_len : 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0018 buffer : W.i.n.N.T... [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 ptr: f000baaa [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 buf_max_len: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c ptr: f000baaa [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 buf_len: 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_werror(824) 0034 status: WERR_OK [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 96 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 112 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748e name: winreg len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 56. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0050 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000038 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..80] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4609 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 50 00 00 00 04 00 00 ........ .P...... [010] 00 38 00 00 00 00 00 00 00 AA BA 00 F0 01 00 00 .8...... ........ [020] 00 AA BA 00 F0 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ [030] 00 57 00 69 00 6E 00 4E 00 54 00 00 00 AA BA 00 .W.i.n.N .T...... [040] F0 0C 00 00 00 AA BA 00 F0 0C 00 00 00 00 00 00 ........ ........ [050] 00 . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 73 of length 132 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4673 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29838 (0x748E) smb_bcc=61 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 05 00 00 ........ ........ [030] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 ........ E:k.. [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748e [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748e (pipes_open=1) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748e) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b87270 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748e name: winreg open: Yes len: 44 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x555555667fb0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000005 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2007/01/04 16:05:21, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (1) [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748e name: winreg len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4673 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 74 of length 132 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4737 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29838 (0x748E) smb_bcc=61 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 ........ E:k.. [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748e [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748e (pipes_open=1) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 748e) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b87270 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748e name: winreg open: Yes len: 44 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000006 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x555555667fb0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000004 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2007/01/04 16:05:21, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (0) [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748e name: winreg len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000006 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4737 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 75 of length 45 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4801 smt_wct=3 smb_vwv[ 0]=29838 (0x748E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748e [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=748e (pipes_open=1) [2007/01/04 16:05:21, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:748e [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe winreg [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name winreg pnum=748e (pipes_open=0) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4801 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 76 of length 104 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4865 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:21, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2007/01/04 16:05:21, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=0) [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 748f (pipes_open=1) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=748f [2007/01/04 16:05:21, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=4865 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=36608 (0x8F00) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 77 of length 140 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4929 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29839 (0x748F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748f [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748f (pipes_open=1) [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748f name: lsarpc open: Yes len: 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345778 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 89 ab [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000000 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/01/04 16:05:21, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=748f nwritten=72 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4929 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 78 of length 63 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4993 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29839 (0x748F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748f [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748f (pipes_open=1) [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748f name: lsarpc len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/01/04 16:05:21, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=748f min=1024 max=1024 nread=68 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=4993 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 172 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xac [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 79 of length 176 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5057 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29839 (0x748F) smb_bcc=105 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... [020] 00 40 00 00 00 00 00 2C 00 A8 05 23 01 09 00 00 .@....., ...#.... [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 62 00 69 ........ .\.\.b.i [040] 00 74 00 73 00 6D 00 62 00 00 00 C9 11 18 00 00 .t.s.m.b ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 01 00 00 00 ........ . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=88 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748f [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748f (pipes_open=1) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 748f) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b56350 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748f name: lsarpc open: Yes len: 88 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 88 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000040 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 002c [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 79 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x555555661130 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr : 012305a8 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.b.i.t.s.m.b... [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000022 lsa_io_obj_attr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 len : 00000018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 ptr_root_dir: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c ptr_obj_name: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 attributes : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 ptr_sec_desc: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 ptr_sec_qos : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c des_access: 00000001 [2007/01/04 16:05:21, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:21, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:21, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 1 [2007/01/04 16:05:21, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 06 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000006 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 846 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 72 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748f name: lsarpc len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5057 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 06 00 00 ........ ........ [020] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 00 00 00 ........ E:k..... [030] 00 . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 130 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x82 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 80 of length 134 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5121 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29839 (0x748F) smb_bcc=63 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 06 00 00 ........ ........ [030] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 03 00 ........ E:k.... [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748f [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748f (pipes_open=1) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 748f) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b56350 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748f name: lsarpc open: Yes len: 46 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 46 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002e [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000016 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0007 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[2].fn == 0x5555556614f0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000006 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 info_class: 0003 [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 dom_ptr: 22000000 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 info_class: 0003 [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query_3 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 uni_dom_max_len: 0006 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a uni_dom_str_len: 0008 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buffer_dom_name: 00000001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 buffer_dom_sid : 00000001 [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 uni_max_len: 00000004 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 offset : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_str_len: 00000003 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0020 buffer : B.I.T. [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_dom_sid2 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 num_auths: 00000004 [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_dom_sid sid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002c sid_rev_num: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002d num_auths : 04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002e id_auth[0] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002f id_auth[1] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0030 id_auth[2] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0031 id_auth[3] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0032 id_auth[4] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0033 id_auth[5] : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0034 sub_auths : 00000015 0b01818b 8a95da6f 1f07cccc [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0044 status: NT_STATUS_OK [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 8 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748f name: lsarpc len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 72. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0060 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000048 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..96] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5121 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 02 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .H...... ...."... [020] 00 06 00 08 00 01 00 00 00 01 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 03 00 00 00 42 00 49 00 54 00 00 ........ .B.I.T.. [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 8B 81 01 0B 6F DA 95 8A CC CC 07 1F 00 00 00 .....o.. ........ [060] 00 . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x80 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 81 of length 132 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5185 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29839 (0x748F) smb_bcc=61 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 06 00 00 ........ ........ [030] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 ........ E:k.. [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748f [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748f (pipes_open=1) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 748f) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b56350 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 748f name: lsarpc open: Yes len: 44 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[4].fn == 0x555555661980 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000006 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 748f name: lsarpc len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5185 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 82 of length 45 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=5249 smt_wct=3 smb_vwv[ 0]=29839 (0x748F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=748f [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=748f (pipes_open=1) [2007/01/04 16:05:21, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:748f [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=748f (pipes_open=0) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=5249 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 126 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x7e [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 83 of length 130 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=126 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=5313 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=10240 (0x2800) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=32768 (0x8000) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=43 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 62 00 69 00 74 00 73 00 6D 00 62 00 5C .\.b.i.t .s.m.b.\ [010] 00 67 00 72 00 6F 00 75 00 70 00 73 00 5C 00 63 .g.r.o.u .p.s.\.c [020] 00 6F 00 73 00 65 00 63 00 00 00 .o.s.e.c ... [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:21, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:21, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-184648075-2325076591-520604876-1344 contains 8 SIDs SID[ 0]: S-1-5-21-184648075-2325076591-520604876-1344 SID[ 1]: S-1-5-21-184648075-2325076591-520604876-1923 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-184648075-2325076591-520604876-513 SID[ 6]: S-1-5-21-184648075-2325076591-520604876-1296 SID[ 7]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:21, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 50159 Primary group is 50000 and contains 4 supplementary groups Group[ 0]: 50037 Group[ 1]: 50000 Group[ 2]: 50018 Group[ 3]: 50041 [2007/01/04 16:05:21, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(50159,50159) gid=(0,50000) [2007/01/04 16:05:21, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /opt/export/groups [2007/01/04 16:05:21, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x10, access_mask = 0x20080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0 [2007/01/04 16:05:21, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .bitsmb/groups/cosec. after trimming \'s [2007/01/04 16:05:21, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: bitsmb [2007/01/04 16:05:21, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: groups [2007/01/04 16:05:21, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: cosec [2007/01/04 16:05:21, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = /opt/export/groups req_path = cosec [2007/01/04 16:05:21, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:21, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:21, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting bitsmb/groups/cosec. [2007/01/04 16:05:21, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path cosec [2007/01/04 16:05:21, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "cosec" [2007/01/04 16:05:21, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [COSEC] -> [cosec] [2007/01/04 16:05:21, 3] smbd/dosmode.c:unix_mode(147) unix_mode(cosec) returning 0744 [2007/01/04 16:05:21, 10] smbd/open.c:open_file_ntcreate(1144) open_file_ntcreate: fname=cosec, dos_attrs=0x0 access_mask=0x20080 share_access=0x7 create_disposition = 0x1 create_options=0x200000 unix mode=0744 oplock_request=0 [2007/01/04 16:05:21, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:21, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:21, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:21, 10] smbd/open.c:open_file_ntcreate(1306) open_file_ntcreate: fname=cosec, after mapping access_mask=0x20080 [2007/01/04 16:05:21, 5] smbd/files.c:file_new(126) allocated file structure 8945, fnum = 13041 (1 used) [2007/01/04 16:05:21, 4] smbd/open.c:open_file_ntcreate(1545) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20080, open_access_mask = 0x20080 [2007/01/04 16:05:21, 5] smbd/files.c:file_free(448) freed files structure 13041 (0 used) [2007/01/04 16:05:21, 5] smbd/open.c:open_directory(1866) open_directory: opening directory cosec, access_mask = 0x20080, share_access = 0x7 create_options = 0x200000, create_disposition = 0x1 [2007/01/04 16:05:21, 5] smbd/files.c:file_new(126) allocated file structure 8946, fnum = 13042 (1 used) [2007/01/04 16:05:21, 10] locking/locking.c:unparse_share_modes(654) unparse_share_modes: del: 0, initial del 0, tok = 0, num: 1 [2007/01/04 16:05:21, 10] locking/locking.c:print_share_mode_table(473) print_share_mode_table: share_mode_entry[0]: pid = 27450, share_access = 0x7, private_options = 0x200000, access_mask = 0x20080, mid = 0x0, type= 0x0, file_id = 9, uid = 50159, dev = 0xfd03, inode = 105496578 [2007/01/04 16:05:21, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:21, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:21, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:21, 5] smbd/nttrans.c:reply_ntcreate_and_X(905) reply_ntcreate_and_X: fnum = 13042, open name = cosec [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=5313 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=61952 (0xF200) smb_vwv[ 3]= 306 (0x132) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]= 936 (0x3A8) smb_vwv[ 7]= 7742 (0x1E3E) smb_vwv[ 8]=50973 (0xC71D) smb_vwv[ 9]= 1 (0x1) smb_vwv[10]=16310 (0x3FB6) smb_vwv[11]= 4532 (0x11B4) smb_vwv[12]=50992 (0xC730) smb_vwv[13]=32769 (0x8001) smb_vwv[14]= 936 (0x3A8) smb_vwv[15]= 7742 (0x1E3E) smb_vwv[16]=50973 (0xC71D) smb_vwv[17]=32769 (0x8001) smb_vwv[18]= 936 (0x3A8) smb_vwv[19]= 7742 (0x1E3E) smb_vwv[20]=50973 (0xC71D) smb_vwv[21]= 4097 (0x1001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 1792 (0x700) smb_vwv[33]= 256 (0x100) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 72 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x48 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 84 of length 76 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=5377 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 00 00 F2 32 EE 03 ....2.. [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/trans2.c:call_trans2qfilepathinfo(2852) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2007/01/04 16:05:21, 10] locking/locking.c:parse_share_modes(501) parse_share_modes: delete_on_close: 0, initial_delete_on_close: 0, num_share_modes: 1 [2007/01/04 16:05:21, 10] locking/locking.c:parse_share_modes(594) parse_share_modes: share_mode_entry[0]: pid = 27450, share_access = 0x7, private_options = 0x200000, access_mask = 0x20080, mid = 0x0, type= 0x0, file_id = 9, uid = 50159, dev = 0xfd03, inode = 105496578 [2007/01/04 16:05:21, 3] smbd/trans2.c:call_trans2qfilepathinfo(2959) call_trans2qfilepathinfo cosec (fnum = 13042) level=1006 call=7 total_data=0 [2007/01/04 16:05:21, 8] smbd/dosmode.c:dos_mode(377) dos_mode: cosec [2007/01/04 16:05:21, 8] smbd/dosmode.c:dos_mode_from_sbuf(193) dos_mode_from_sbuf returning d [2007/01/04 16:05:21, 8] smbd/dosmode.c:dos_mode(415) dos_mode returning d [2007/01/04 16:05:21, 10] smbd/trans2.c:call_trans2qfilepathinfo(3299) call_trans2qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2007/01/04 16:05:21, 9] smbd/trans2.c:send_trans2_replies(690) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2007/01/04 16:05:21, 9] smbd/trans2.c:send_trans2_replies(692) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=5377 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 00 00 00 00 02 C0 49 06 03 FD 00 00 .......I ..... [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 84 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x54 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 85 of length 88 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=5441 smt_wct=19 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2048 (0x800) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2048 (0x800) smb_vwv[10]= 0 (0x0) smb_vwv[11]=19456 (0x4C00) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 6 (0x6) smb_bcc=11 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 00 00 F2 32 00 00 04 00 00 00 ....2... ... [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBnttrans (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1959) call_nt_transact_query_security_desc: file = cosec, info_wanted = 0x4 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:get_nt_acl(2730) get_nt_acl: called for file cosec [2007/01/04 16:05:21, 5] smbd/posix_acls.c:get_nt_acl(2767) get_nt_acl : file ACL present, directory ACL present [2007/01/04 16:05:21, 10] passdb/lookup_sid.c:uid_to_sid(1096) uid_to_sid: winbindd 50477 -> S-1-5-21-184648075-2325076591-520604876-1925 [2007/01/04 16:05:21, 10] passdb/lookup_sid.c:uid_to_sid(1117) uid_to_sid: local 50477 -> S-1-5-21-184648075-2325076591-520604876-1925 [2007/01/04 16:05:21, 10] passdb/lookup_sid.c:gid_to_sid(1142) gid_to_sid: winbindd 50017 -> S-1-5-21-184648075-2325076591-520604876-1234 [2007/01/04 16:05:21, 10] passdb/lookup_sid.c:gid_to_sid(1161) gid_to_sid: local 50017 -> S-1-5-21-184648075-2325076591-520604876-1234 [2007/01/04 16:05:21, 3] passdb/lookup_sid.c:store_gid_sid_cache(1071) store_gid_sid_cache: gid 50017 in cache -> S-1-5-21-184648075-2325076591-520604876-1234 [2007/01/04 16:05:21, 10] passdb/lookup_sid.c:uid_to_sid(1096) uid_to_sid: winbindd 50264 -> S-1-5-21-184648075-2325076591-520604876-1568 [2007/01/04 16:05:21, 10] passdb/lookup_sid.c:uid_to_sid(1117) uid_to_sid: local 50264 -> S-1-5-21-184648075-2325076591-520604876-1568 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2205) canonicalise_acl: Access ace entries before arrange : [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms --- [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 1. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1234 gid 50017 (BIT+cosec) SMB_ACL_GROUP_OBJ perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 2. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1568 uid 50264 (BIT+jngerhar) SMB_ACL_USER perms --x [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 3. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1925 uid 50477 (BIT+pfister) SMB_ACL_USER_OBJ perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:print_canon_ace_list(595) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1925 uid 50477 (BIT+pfister) SMB_ACL_USER_OBJ perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1234 gid 50017 (BIT+cosec) SMB_ACL_GROUP_OBJ perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1568 uid 50264 (BIT+jngerhar) SMB_ACL_USER perms --x canon_ace index 3. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms --- [2007/01/04 16:05:21, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(930) fetch sid from uid cache 50264 -> S-1-5-21-184648075-2325076591-520604876-1568 [2007/01/04 16:05:21, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(930) fetch sid from uid cache 50477 -> S-1-5-21-184648075-2325076591-520604876-1925 [2007/01/04 16:05:21, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(1007) fetch sid from gid cache 50017 -> S-1-5-21-184648075-2325076591-520604876-1234 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2205) canonicalise_acl: Default ace entries before arrange : [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms --- [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 1. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1234 gid 50017 (BIT+cosec) SMB_ACL_GROUP perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 2. Type = allow SID = S-1-3-1 gid 50017 (BIT+cosec) SMB_ACL_GROUP_OBJ perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 3. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1925 uid 50477 (BIT+pfister) SMB_ACL_USER perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 4. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1568 uid 50264 (BIT+jngerhar) SMB_ACL_USER perms --x [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 5. Type = allow SID = S-1-3-0 uid 50477 (BIT+pfister) SMB_ACL_USER_OBJ perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:print_canon_ace_list(595) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-3-0 uid 50477 (BIT+pfister) SMB_ACL_USER_OBJ perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1234 gid 50017 (BIT+cosec) SMB_ACL_GROUP perms rwx canon_ace index 2. Type = allow SID = S-1-3-1 gid 50017 (BIT+cosec) SMB_ACL_GROUP_OBJ perms rwx canon_ace index 3. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1925 uid 50477 (BIT+pfister) SMB_ACL_USER perms rwx canon_ace index 4. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1568 uid 50264 (BIT+jngerhar) SMB_ACL_USER perms --x canon_ace index 5. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms --- [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 40 to (NT) 120020 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 40 to (NT) 120020 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:merge_default_aces(2691) merge_default_aces: Merging ACE 7 onto ACE 0. [2007/01/04 16:05:21, 10] smbd/posix_acls.c:merge_default_aces(2691) merge_default_aces: Merging ACE 5 onto ACE 1. [2007/01/04 16:05:21, 10] smbd/posix_acls.c:merge_default_aces(2691) merge_default_aces: Merging ACE 6 onto ACE 2. [2007/01/04 16:05:21, 10] smbd/posix_acls.c:merge_default_aces(2677) merge_default_aces: Merging zero access ACE 3 onto ACE 6. [2007/01/04 16:05:21, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1986) call_nt_transact_query_security_desc: sd_size = 196. [2007/01/04 16:05:21, 3] smbd/error.c:error_packet(146) error packet at smbd/nttrans.c(90) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL [2007/01/04 16:05:21, 9] smbd/nttrans.c:send_nt_replies(229) nt_rep: params_sent_thistime = 4, data_sent_thistime = 0, useable_space = 131030 [2007/01/04 16:05:21, 9] smbd/nttrans.c:send_nt_replies(231) nt_rep: params_to_send = 4, data_to_send = 0, paramsize = 4, datasize = 0 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=78 smb_com=0xa0 smb_rcls=35 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=5441 smt_wct=18 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=18944 (0x4A00) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_bcc=7 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 00 00 C4 00 00 00 ....... [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 84 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x54 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 86 of length 88 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=5505 smt_wct=19 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2048 (0x800) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=50176 (0xC400) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2048 (0x800) smb_vwv[10]= 0 (0x0) smb_vwv[11]=19456 (0x4C00) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 6 (0x6) smb_bcc=11 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 00 00 F2 32 00 00 04 00 00 00 ....2... ... [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBnttrans (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1959) call_nt_transact_query_security_desc: file = cosec, info_wanted = 0x4 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:get_nt_acl(2730) get_nt_acl: called for file cosec [2007/01/04 16:05:21, 5] smbd/posix_acls.c:get_nt_acl(2767) get_nt_acl : file ACL present, directory ACL present [2007/01/04 16:05:21, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(930) fetch sid from uid cache 50477 -> S-1-5-21-184648075-2325076591-520604876-1925 [2007/01/04 16:05:21, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(1007) fetch sid from gid cache 50017 -> S-1-5-21-184648075-2325076591-520604876-1234 [2007/01/04 16:05:21, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(930) fetch sid from uid cache 50264 -> S-1-5-21-184648075-2325076591-520604876-1568 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2205) canonicalise_acl: Access ace entries before arrange : [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms --- [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 1. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1234 gid 50017 (BIT+cosec) SMB_ACL_GROUP_OBJ perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 2. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1568 uid 50264 (BIT+jngerhar) SMB_ACL_USER perms --x [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 3. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1925 uid 50477 (BIT+pfister) SMB_ACL_USER_OBJ perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:print_canon_ace_list(595) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1925 uid 50477 (BIT+pfister) SMB_ACL_USER_OBJ perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1234 gid 50017 (BIT+cosec) SMB_ACL_GROUP_OBJ perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1568 uid 50264 (BIT+jngerhar) SMB_ACL_USER perms --x canon_ace index 3. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms --- [2007/01/04 16:05:21, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(930) fetch sid from uid cache 50264 -> S-1-5-21-184648075-2325076591-520604876-1568 [2007/01/04 16:05:21, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(930) fetch sid from uid cache 50477 -> S-1-5-21-184648075-2325076591-520604876-1925 [2007/01/04 16:05:21, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(1007) fetch sid from gid cache 50017 -> S-1-5-21-184648075-2325076591-520604876-1234 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2205) canonicalise_acl: Default ace entries before arrange : [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms --- [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 1. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1234 gid 50017 (BIT+cosec) SMB_ACL_GROUP perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 2. Type = allow SID = S-1-3-1 gid 50017 (BIT+cosec) SMB_ACL_GROUP_OBJ perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 3. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1925 uid 50477 (BIT+pfister) SMB_ACL_USER perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 4. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1568 uid 50264 (BIT+jngerhar) SMB_ACL_USER perms --x [2007/01/04 16:05:21, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 5. Type = allow SID = S-1-3-0 uid 50477 (BIT+pfister) SMB_ACL_USER_OBJ perms rwx [2007/01/04 16:05:21, 10] smbd/posix_acls.c:print_canon_ace_list(595) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-3-0 uid 50477 (BIT+pfister) SMB_ACL_USER_OBJ perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1234 gid 50017 (BIT+cosec) SMB_ACL_GROUP perms rwx canon_ace index 2. Type = allow SID = S-1-3-1 gid 50017 (BIT+cosec) SMB_ACL_GROUP_OBJ perms rwx canon_ace index 3. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1925 uid 50477 (BIT+pfister) SMB_ACL_USER perms rwx canon_ace index 4. Type = allow SID = S-1-5-21-184648075-2325076591-520604876-1568 uid 50264 (BIT+jngerhar) SMB_ACL_USER perms --x canon_ace index 5. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms --- [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 40 to (NT) 120020 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 40 to (NT) 120020 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:map_canon_ace_perms(846) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2007/01/04 16:05:21, 10] smbd/posix_acls.c:merge_default_aces(2691) merge_default_aces: Merging ACE 7 onto ACE 0. [2007/01/04 16:05:21, 10] smbd/posix_acls.c:merge_default_aces(2691) merge_default_aces: Merging ACE 5 onto ACE 1. [2007/01/04 16:05:21, 10] smbd/posix_acls.c:merge_default_aces(2691) merge_default_aces: Merging ACE 6 onto ACE 2. [2007/01/04 16:05:21, 10] smbd/posix_acls.c:merge_default_aces(2677) merge_default_aces: Merging zero access ACE 3 onto ACE 6. [2007/01/04 16:05:21, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1986) call_nt_transact_query_security_desc: sd_size = 196. [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc sd data [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 revision : 0001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 type : 9004 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 off_owner_sid: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 off_grp_sid : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c off_sacl : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 off_dacl : 00000014 [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 sec_io_acl dacl [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 revision: 0002 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 num_aces : 00000006 [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 00001c sec_io_ace ace_list[00]: [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001c type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001d flags: 03 [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 000020 sec_io_access info [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 mask: 001f01ff [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_dom_sid trustee [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0024 sid_rev_num: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0025 num_auths : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0026 id_auth[0] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0027 id_auth[1] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 id_auth[2] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0029 id_auth[3] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002a id_auth[4] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002b id_auth[5] : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 002c sub_auths : 00000015 0b01818b 8a95da6f 1f07cccc 00000785 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e size : 0024 [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 000040 sec_io_ace ace_list[01]: [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0040 type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0041 flags: 03 [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 000044 sec_io_access info [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 mask: 001f01ff [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_dom_sid trustee [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 sid_rev_num: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 num_auths : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a id_auth[0] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b id_auth[1] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004c id_auth[2] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004d id_auth[3] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004e id_auth[4] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004f id_auth[5] : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0050 sub_auths : 00000015 0b01818b 8a95da6f 1f07cccc 000004d2 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0042 size : 0024 [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 000064 sec_io_ace ace_list[02]: [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0064 type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0065 flags: 03 [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 000068 sec_io_access info [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0068 mask: 00120020 [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 00006c smb_io_dom_sid trustee [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006c sid_rev_num: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006d num_auths : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006e id_auth[0] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006f id_auth[1] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0070 id_auth[2] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0071 id_auth[3] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0072 id_auth[4] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0073 id_auth[5] : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0074 sub_auths : 00000015 0b01818b 8a95da6f 1f07cccc 00000620 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0066 size : 0024 [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 000088 sec_io_ace ace_list[03]: [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0088 type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0089 flags: 03 [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 00008c sec_io_access info [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c mask: 00000000 [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 000090 smb_io_dom_sid trustee [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0090 sid_rev_num: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0091 num_auths : 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0092 id_auth[0] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0093 id_auth[1] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0094 id_auth[2] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0095 id_auth[3] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0096 id_auth[4] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0097 id_auth[5] : 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0098 sub_auths : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 008a size : 0014 [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 00009c sec_io_ace ace_list[04]: [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009c type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009d flags: 0b [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000a0 sec_io_access info [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 mask: 001f01ff [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000a4 smb_io_dom_sid trustee [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00a4 sid_rev_num: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00a5 num_auths : 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00a6 id_auth[0] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00a7 id_auth[1] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00a8 id_auth[2] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00a9 id_auth[3] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00aa id_auth[4] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00ab id_auth[5] : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 00ac sub_auths : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009e size : 0014 [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 0000b0 sec_io_ace ace_list[05]: [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00b0 type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00b1 flags: 0b [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000b4 sec_io_access info [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b4 mask: 001f01ff [2007/01/04 16:05:21, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000b8 smb_io_dom_sid trustee [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00b8 sid_rev_num: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00b9 num_auths : 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00ba id_auth[0] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00bb id_auth[1] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00bc id_auth[2] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00bd id_auth[3] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00be id_auth[4] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 00bf id_auth[5] : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 00c0 sub_auths : 00000001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00b2 size : 0014 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size : 00b0 [2007/01/04 16:05:21, 9] smbd/nttrans.c:send_nt_replies(229) nt_rep: params_sent_thistime = 4, data_sent_thistime = 196, useable_space = 130994 [2007/01/04 16:05:21, 9] smbd/nttrans.c:send_nt_replies(231) nt_rep: params_to_send = 4, data_to_send = 196, paramsize = 4, datasize = 196 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=274 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=3768 smb_uid=101 smb_mid=5505 smt_wct=18 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]=50176 (0xC400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=18944 (0x4A00) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=50176 (0xC400) smb_vwv[12]= 0 (0x0) smb_vwv[13]=19968 (0x4E00) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_bcc=203 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 00 00 C4 00 00 00 01 00 04 90 00 00 00 00 00 ........ ........ [010] 00 00 00 00 00 00 00 14 00 00 00 02 00 B0 00 06 ........ ........ [020] 00 00 00 00 03 24 00 FF 01 1F 00 01 05 00 00 00 .....$.. ........ [030] 00 00 05 15 00 00 00 8B 81 01 0B 6F DA 95 8A CC ........ ...o.... [040] CC 07 1F 85 07 00 00 00 03 24 00 FF 01 1F 00 01 ........ .$...... [050] 05 00 00 00 00 00 05 15 00 00 00 8B 81 01 0B 6F ........ .......o [060] DA 95 8A CC CC 07 1F D2 04 00 00 00 03 24 00 20 ........ .....$. [070] 00 12 00 01 05 00 00 00 00 00 05 15 00 00 00 8B ........ ........ [080] 81 01 0B 6F DA 95 8A CC CC 07 1F 20 06 00 00 00 ...o.... ... .... [090] 03 14 00 00 00 00 00 01 01 00 00 00 00 00 01 00 ........ ........ [0A0] 00 00 00 00 0B 14 00 FF 01 1F 00 01 01 00 00 00 ........ ........ [0B0] 00 00 03 00 00 00 00 00 0B 14 00 FF 01 1F 00 01 ........ ........ [0C0] 01 00 00 00 00 00 03 01 00 00 00 ........ ... [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x29 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 87 of length 45 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=5569 smt_wct=3 smb_vwv[ 0]=13042 (0x32F2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 27450) conn 0x555555b8e840 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/reply.c:reply_close(3298) close directory fnum=13042 [2007/01/04 16:05:21, 10] locking/locking.c:parse_share_modes(501) parse_share_modes: delete_on_close: 0, initial_delete_on_close: 0, num_share_modes: 1 [2007/01/04 16:05:21, 10] locking/locking.c:parse_share_modes(594) parse_share_modes: share_mode_entry[0]: pid = 27450, share_access = 0x7, private_options = 0x200000, access_mask = 0x20080, mid = 0x0, type= 0x0, file_id = 9, uid = 50159, dev = 0xfd03, inode = 105496578 [2007/01/04 16:05:21, 5] smbd/files.c:file_free(448) freed files structure 13042 (0 used) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=5569 smt_wct=0 smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 88 of length 104 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5633 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (50159, 50000) - sec_ctx_stack_ndx = 0 [2007/01/04 16:05:21, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-184648075-2325076591-520604876-1344 contains 8 SIDs SID[ 0]: S-1-5-21-184648075-2325076591-520604876-1344 SID[ 1]: S-1-5-21-184648075-2325076591-520604876-1923 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-184648075-2325076591-520604876-513 SID[ 6]: S-1-5-21-184648075-2325076591-520604876-1296 SID[ 7]: S-1-5-32-545 SE_PRIV 0x0 0x0 0x0 0x0 [2007/01/04 16:05:21, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 50159 Primary group is 50000 and contains 4 supplementary groups Group[ 0]: 50037 Group[ 1]: 50000 Group[ 2]: 50018 Group[ 3]: 50041 [2007/01/04 16:05:21, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(50159,50159) gid=(0,50000) [2007/01/04 16:05:21, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /var/tmp [2007/01/04 16:05:21, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:21, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2007/01/04 16:05:21, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=0) [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 7490 (pipes_open=1) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7490 [2007/01/04 16:05:21, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5633 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=36864 (0x9000) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 89 of length 140 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=5697 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29840 (0x7490) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7490 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7490 (pipes_open=1) [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7490 name: lsarpc open: Yes len: 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345778 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 89 ab [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000000 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/01/04 16:05:21, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7490 nwritten=72 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=5697 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x64 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 90 of length 104 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5760 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2007/01/04 16:05:21, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2007/01/04 16:05:21, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=1) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7490 [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 2 for pipe lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=1) [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 7491 (pipes_open=2) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7491 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7490 [2007/01/04 16:05:21, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5760 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=37120 (0x9100) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 91 of length 63 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=5825 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29840 (0x7490) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7490 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7491 (pipes_open=2) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7490 (pipes_open=2) [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7490 name: lsarpc len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/01/04 16:05:21, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7490 min=1024 max=1024 nread=68 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=5825 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x88 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 92 of length 140 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=5889 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29841 (0x7491) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 02 00 00 ........ .H...... [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 00 00 01 ......S. ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7491 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7491 (pipes_open=2) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7490 (pipes_open=2) [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7491 name: lsarpc open: Yes len: 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345778 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 89 ab [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000000 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2007/01/04 16:05:21, 10] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/01/04 16:05:21, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7491 nwritten=72 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=5889 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 180 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0xb4 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 93 of length 184 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5952 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29840 (0x7490) smb_bcc=113 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 01 00 00 ........ .`...... [020] 00 48 00 00 00 00 00 2C 00 48 FF 24 01 09 00 00 .H....., .H.$.... [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 62 00 69 ........ .\.\.b.i [040] 00 74 00 73 00 6D 00 62 00 00 00 C9 11 18 00 00 .t.s.m.b ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 78 FA F8 02 0C 00 00 00 02 00 01 00 00 08 00 .x...... ........ [070] 00 . [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=96 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7490 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7491 (pipes_open=2) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7490 (pipes_open=2) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7490) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b571d0 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7490 name: lsarpc open: Yes len: 96 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 96 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 80 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0060 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 80 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 80, incoming data = 80 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000048 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 002c [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 79 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x555555661130 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr : 0124ff48 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.b.i.t.s.m.b... [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000022 lsa_io_obj_attr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 len : 00000018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 ptr_root_dir: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c ptr_obj_name: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 attributes : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 ptr_sec_desc: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 ptr_sec_qos : 02f8fa78 [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 00003c lsa_io_obj_qos sec_qos [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c len : 0000000c [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0040 sec_imp_level : 0002 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0042 sec_ctxt_mode : 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0043 effective_only: 00 [2007/01/04 16:05:21, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 des_access: 00000800 [2007/01/04 16:05:21, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000800, for NT token with 8 entries and first sid S-1-5-21-184648075-2325076591-520604876-1344. [2007/01/04 16:05:21, 3] lib/util_seaccess.c:se_access_check(250) [2007/01/04 16:05:21, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-184648075-2325076591-520604876-1344 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1923 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-184648075-2325076591-520604876-513 se_access_check: also S-1-5-21-184648075-2325076591-520604876-1296 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 800 [2007/01/04 16:05:21, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (800) granted. [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 07 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000007 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 854 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 80 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7490 name: lsarpc len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/01/04 16:05:21, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=5952 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 07 00 00 ........ ........ [020] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 00 00 00 ........ E:k..... [030] 00 . [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x3b [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 94 of length 63 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=6017 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29841 (0x7491) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7491 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7491 (pipes_open=2) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7490 (pipes_open=2) [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7491 name: lsarpc len: 1024 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/01/04 16:05:21, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7491 min=1024 max=1024 nread=68 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=6017 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 02 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2007/01/04 16:05:21, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: -1 [2007/01/04 16:05:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 272 [2007/01/04 16:05:21, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x110 [2007/01/04 16:05:21, 3] smbd/process.c:process_smb(1110) Transaction 95 of length 276 [2007/01/04 16:05:21, 5] lib/util.c:show_msg(485) [2007/01/04 16:05:21, 5] lib/util.c:show_msg(495) size=272 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=3768 smb_uid=101 smb_mid=6080 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 188 (0xBC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 188 (0xBC) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29840 (0x7490) smb_bcc=205 [2007/01/04 16:05:21, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 BC 00 00 00 03 00 00 ........ ........ [020] 00 A4 00 00 00 00 00 39 00 00 00 00 00 07 00 00 .......9 ........ [030] 00 00 00 00 00 B1 17 9D 45 3A 6B 00 00 03 00 00 ........ E:k..... [040] 00 88 1B 13 00 03 00 00 00 F0 A9 20 01 48 64 25 ........ ... .Hd% [050] 01 58 9B 0D 00 05 00 00 00 01 05 00 00 00 00 00 .X...... ........ [060] 05 15 00 00 00 8B 81 01 0B 6F DA 95 8A CC CC 07 ........ .o...... [070] 1F 85 07 00 00 05 00 00 00 01 05 00 00 00 00 00 ........ ........ [080] 05 15 00 00 00 8B 81 01 0B 6F DA 95 8A CC CC 07 ........ .o...... [090] 1F D2 04 00 00 05 00 00 00 01 05 00 00 00 00 00 ........ ........ [0A0] 05 15 00 00 00 8B 81 01 0B 6F DA 95 8A CC CC 07 ........ .o...... [0B0] 1F 20 06 00 00 00 00 00 00 00 00 00 00 01 00 00 . ...... ........ [0C0] 00 00 00 00 00 00 00 00 00 02 00 00 00 ........ ..... [2007/01/04 16:05:21, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 27450) conn 0x555555b8f680 [2007/01/04 16:05:21, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2007/01/04 16:05:21, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=188 params=0 setup=2 [2007/01/04 16:05:21, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/01/04 16:05:21, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/01/04 16:05:21, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/01/04 16:05:21, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7490 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7491 (pipes_open=2) [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7490 (pipes_open=2) [2007/01/04 16:05:21, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7490) [2007/01/04 16:05:21, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555b571d0 max_trans_reply: 1024 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7490 name: lsarpc open: Yes len: 188 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 188 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 188 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 188, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 172 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 172 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 00bc [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 172 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 172, incoming data = 172 [2007/01/04 16:05:21, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 000000a4 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0039 [2007/01/04 16:05:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/01/04 16:05:21, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/01/04 16:05:21, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x39 - api_rpcTNP: rpc command: LSA_LOOKUPSIDS2 [2007/01/04 16:05:21, 6] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[30].fn == 0x555555663bf0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_lookup_sids2 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol_hnd [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000007 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b1 17 9d 45 3a 6b 00 00 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 lsa_io_sid_enum sids [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 num_entries : 00000003 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr_sid_enum: 00131b88 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c num_entries2: 00000003 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 ptr_sid[0]: 0120a9f0 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 ptr_sid[1]: 01256448 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 ptr_sid[2]: 000d9b58 [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_dom_sid2 sid[0] [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c num_auths: 00000005 [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_dom_sid sid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0030 sid_rev_num: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0031 num_auths : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0032 id_auth[0] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0033 id_auth[1] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0034 id_auth[2] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0035 id_auth[3] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0036 id_auth[4] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0037 id_auth[5] : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0038 sub_auths : 00000015 0b01818b 8a95da6f 1f07cccc 00000785 [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_dom_sid2 sid[1] [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c num_auths: 00000005 [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_dom_sid sid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0050 sid_rev_num: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0051 num_auths : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0052 id_auth[0] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0053 id_auth[1] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0054 id_auth[2] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0055 id_auth[3] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0056 id_auth[4] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0057 id_auth[5] : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0058 sub_auths : 00000015 0b01818b 8a95da6f 1f07cccc 000004d2 [2007/01/04 16:05:21, 7] rpc_parse/parse_prs.c:prs_debug(84) 00006c smb_io_dom_sid2 sid[2] [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c num_auths: 00000005 [2007/01/04 16:05:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 000070 smb_io_dom_sid sid [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0070 sid_rev_num: 01 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0071 num_auths : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0072 id_auth[0] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0073 id_auth[1] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0074 id_auth[2] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0075 id_auth[3] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0076 id_auth[4] : 00 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0077 id_auth[5] : 05 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0078 sub_auths : 00000015 0b01818b 8a95da6f 1f07cccc 00000620 [2007/01/04 16:05:21, 6] rpc_parse/parse_prs.c:prs_debug(84) 00008c lsa_io_trans_names2 names [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c num_entries : 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0090 ptr_trans_names: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0094 level: 0001 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0098 mapped_count: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 009c unknown1: 00000000 [2007/01/04 16:05:21, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 unknown2: 00000002 [2007/01/04 16:05:21, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 07 00 00 00 00 00 00 00 B1 17 9D 45 ........ .......E [010] 3A 6B 00 00 :k.. [2007/01/04 16:05:21, 10] passdb/lookup_sid.c:check_dom_sid_to_level(625) Accepting SID S-1-5-21-184648075-2325076591-520604876 in level 1 [2007/01/04 16:05:21, 10] passdb/lookup_sid.c:check_dom_sid_to_level(625) Accepting SID S-1-5-21-184648075-2325076591-520604876 in level 1 [2007/01/04 16:05:21, 10] passdb/lookup_sid.c:check_dom_sid_to_level(625) Accepting SID S-1-5-21-184648075-2325076591-520604876 in level 1 [2007/01/04 16:05:21, 0] lib/fault.c:fault_report(41) =============================================================== [2007/01/04 16:05:21, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 6 in pid 27450 (3.0.23d-6-1083-SUSE-SL10.2) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/01/04 16:05:21, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/01/04 16:05:21, 0] lib/fault.c:fault_report(45) =============================================================== [2007/01/04 16:05:21, 0] lib/util.c:smb_panic(1599) PANIC (pid 27450): internal error [2007/01/04 16:05:21, 0] lib/util.c:log_stack_trace(1706) BACKTRACE: 24 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x55555575260c] #1 /usr/sbin/smbd(smb_panic+0x43) [0x5555557526f3] #2 /usr/sbin/smbd [0x555555740c72] #3 /lib64/libpthread.so.0 [0x2b2fff86c130] #4 /lib64/libc.so.6(gsignal+0x35) [0x2b3000b75535] #5 /lib64/libc.so.6(abort+0x110) [0x2b3000b76990] #6 /usr/sbin/smbd [0x555555757739] #7 /usr/sbin/smbd(talloc_steal+0x35) [0x5555557578e5] #8 /usr/sbin/smbd(lookup_sids+0x34e) [0x555555717cee] #9 /usr/sbin/smbd [0x555555666e5f] #10 /usr/sbin/smbd(_lsa_lookup_sids2+0x113) [0x5555556673f3] #11 /usr/sbin/smbd [0x555555663ce0] #12 /usr/sbin/smbd(api_rpcTNP+0x16d) [0x5555556b4d0d] #13 /usr/sbin/smbd(api_pipe_request+0x168) [0x5555556b5248] #14 /usr/sbin/smbd [0x5555556b1426] #15 /usr/sbin/smbd [0x5555556b18bd] #16 /usr/sbin/smbd [0x5555555ca413] #17 /usr/sbin/smbd [0x5555555ca7f2] #18 /usr/sbin/smbd(reply_trans+0x650) [0x5555555cb110] #19 /usr/sbin/smbd [0x555555617ac2] #20 /usr/sbin/smbd(smbd_process+0x720) [0x555555618aa0] #21 /usr/sbin/smbd(main+0xa0b) [0x5555557e4efb] #22 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2b3000b62ae4] #23 /usr/sbin/smbd [0x5555555b21c9]