[2008/07/16 17:09:10, 0] smbd/server.c:main(1208) smbd version 3.2.0-17.fc9 started. Copyright Andrew Tridgell and the Samba Team 1992-2008 [2008/07/16 17:09:10, 5] lib/debug.c:debug_dump_status(395) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 [2008/07/16 17:09:10, 4] param/loadparm.c:lp_load_ex(8724) pm_process() returned Yes [2008/07/16 17:09:10, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: couldn't find homes [2008/07/16 17:09:10, 10] param/loadparm.c:set_server_role(7905) set_server_role: role = ROLE_DOMAIN_MEMBER [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UCS-2LE [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) Registered charset UCS-2LE [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UTF-16LE [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) Registered charset UTF-16LE [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UCS-2BE [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) Registered charset UCS-2BE [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UTF-16BE [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) Registered charset UTF-16BE [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UTF8 [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) Registered charset UTF8 [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UTF-8 [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) Registered charset 
UTF-8 [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset ASCII [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) Registered charset ASCII [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset 646 [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) Registered charset 646 [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset ISO-8859-1 [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) Registered charset ISO-8859-1 [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UCS2-HEX [2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) Registered charset UCS2-HEX [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 2] 
lib/tallocmsg.c:register_msg_pool_usage(106) Registered MSG_REQ_POOL_USAGE [2008/07/16 17:09:10, 2] lib/dmallocmsg.c:register_dmalloc_msgs(77) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2008/07/16 17:09:10, 3] param/loadparm.c:lp_load_ex(8681) lp_load_ex: refreshing parameters Initialising global parameters [2008/07/16 17:09:10, 3] param/params.c:pm_process(569) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2008/07/16 17:09:10, 3] param/loadparm.c:do_section(7346) Processing section "[global]" doing parameter workgroup = MACROSCOOP doing parameter server string = Fedora 9 - Samba %v doing parameter printing = cups doing parameter printcap name = cups doing parameter load printers = yes doing parameter socket options = TCP_NODELAY doing parameter dns proxy = no doing parameter time server = yes doing parameter security = ads doing parameter realm = MACROSCOOP.NL doing parameter encrypt passwords = yes doing parameter disable netbios = yes doing parameter smb ports = 445 doing parameter ldap admin dn = cn=Manager,dc=macroscoop,dc=nl doing parameter ldap suffix = dc=macroscoop,dc=nl doing parameter ldap idmap suffix = ou=Idmap doing parameter idmap backend = ldap:ldap://idmap.macroscoop.nl doing parameter idmap uid = 150000-550000 doing parameter idmap gid = 150000-550000 doing parameter template homedir = /home/%U doing parameter template shell = /bin/bash doing parameter winbind use default domain = yes doing parameter log level = 10 [2008/07/16 17:09:10, 5] lib/debug.c:debug_dump_status(395) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 [2008/07/16 17:09:10, 2] param/loadparm.c:do_section(7363) Processing section "[homes]" [2008/07/16 
17:09:10, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 0 for homes [2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5800) hash_a_service: creating servicehash [2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 0 for service name homes doing parameter comment = Home Directories doing parameter browseable = no doing parameter writable = yes [2008/07/16 17:09:10, 2] param/loadparm.c:do_section(7363) Processing section "[printers]" [2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 1 for printers [2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 1 for service name printers doing parameter comment = All Printers doing parameter path = /var/spool/samba doing parameter browseable = no doing parameter guest ok = no doing parameter writable = no doing parameter printable = yes [2008/07/16 17:09:10, 2] param/loadparm.c:do_section(7363) Processing section "[print$]" [2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 2 for print$ [2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 2 for service name print$ doing parameter comment = Printer Drivers doing parameter path = /var/spool/samba/drivers doing parameter browseable = no doing parameter guest ok = no doing parameter read only = no [2008/07/16 17:09:10, 4] param/loadparm.c:lp_load_ex(8724) pm_process() returned Yes [2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 3 for IPC$ [2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 3 for service name IPC$ [2008/07/16 17:09:10, 3] param/loadparm.c:lp_add_ipc(5906) adding IPC service [2008/07/16 17:09:10, 10] param/loadparm.c:set_server_role(7905) set_server_role: role = ROLE_DOMAIN_MEMBER [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) 
Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:10, 3] printing/pcap.c:pcap_cache_reload(116) reloading printcap cache [2008/07/16 17:09:10, 5] printing/print_cups.c:cups_cache_reload(93) reloading cups printcap cache [2008/07/16 17:09:10, 10] printing/print_cups.c:cups_connect(64) connecting to cups server /var/run/cups/cups.sock:631 [2008/07/16 17:09:10, 3] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/07/16 17:09:10, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: couldn't find zetahack [2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 4 for zetahack [2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 4 for service name zetahack [2008/07/16 17:09:10, 3] param/loadparm.c:lp_add_printer(5945) adding printer service zetahack [2008/07/16 17:09:10, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: 
couldn't find Cups-PDF [2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 5 for Cups-PDF [2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 5 for service name Cups-PDF [2008/07/16 17:09:10, 3] param/loadparm.c:lp_add_printer(5945) adding printer service Cups-PDF [2008/07/16 17:09:10, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 [2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) added interface eth0 ip=2001:7b8:3cf:0:219:d1ff:fee3:a53b bcast=2001:7b8:3cf:0:ffff:ffff:ffff:ffff netmask=ffff:ffff:ffff:ffff:: [2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) added interface eth1 ip=fe80::201:36ff:fe07:1266%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff:: [2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) added interface eth0 ip=fe80::219:d1ff:fee3:a53b%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) added interface virbr0 ip=fe80::d45a:7eff:fe62:c257%virbr0 bcast=fe80::ffff:ffff:ffff:ffff%virbr0 netmask=ffff:ffff:ffff:ffff:: [2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) added interface eth1 ip=192.168.119.1 bcast=192.168.119.255 netmask=255.255.255.0 [2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) added interface virbr0 ip=192.168.122.1 bcast=192.168.122.255 netmask=255.255.255.0 [2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) added interface eth0 ip=62.177.168.217 bcast=62.177.168.255 netmask=255.255.255.0 [2008/07/16 17:09:10, 5] lib/util.c:init_names(274) Netbios name list:- my_netbios_names[0]="APPEL" [2008/07/16 17:09:10, 3] smbd/server.c:main(1255) loaded services [2008/07/16 17:09:10, 3] smbd/server.c:main(1270) Becoming a daemon. 
[2008/07/16 17:09:10, 8] lib/util.c:fcntl_lock(2017) fcntl_lock fd=8 op=13 offset=0 count=1 type=1 [2008/07/16 17:09:10, 8] lib/util.c:fcntl_lock(2036) fcntl_lock: Lock call successful [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend ldapsam [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'ldapsam' [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend ldapsam_compat [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'ldapsam_compat' [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend NDS_ldapsam [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'NDS_ldapsam' [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend NDS_ldapsam_compat [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'NDS_ldapsam_compat' [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend smbpasswd [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'smbpasswd' [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend tdbsam [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'tdbsam' [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:make_pdb_method_name(133) Attempting to find an passdb backend to match smbpasswd (smbpasswd) [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:make_pdb_method_name(154) Found pdb backend smbpasswd [2008/07/16 17:09:10, 5] passdb/pdb_interface.c:make_pdb_method_name(165) pdb backend smbpasswd has a valid init 
[2008/07/16 17:09:10, 5] lib/gencache.c:gencache_init(61) Opening cache file at /var/lib/samba/gencache.tdb [2008/07/16 17:09:10, 5] libsmb/namecache.c:namecache_enable(59) namecache_enable: enabling netbios namecache, timeout 660 seconds [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_init(73) reghook_cache_init: new tree with default ops 0xb8017aa0 for key [] [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Print] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] with subkey [Printers] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 
484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a26c0 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2b40 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Ports] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] 
lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2278 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a4b00 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [NULL] [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/07/16 17:09:10, 10] 
registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [LanmanServer] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer] with subkey [Shares] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a1d78 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2408 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) 
init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Eventlog] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2858 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2720 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SOFTWARE\Samba\smbconf] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Samba] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Samba] with subkey [smbconf] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Samba\smbconf] with subkey [NULL] [2008/07/16 17:09:10, 5] 
lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a1dc8 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2430 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [NULL] [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) 
init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [009] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a20d0 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2b90 [2008/07/16 17:09:10, 10] 
lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [Monitors] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a1520 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a1520 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 
[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [ProductOptions] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a20d0 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a16e8 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] [2008/07/16 17:09:10, 10] 
registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Terminal Server] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server] with subkey [DefaultUserConfiguration] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a1b88 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2280 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] [2008/07/16 17:09:10, 10] 
registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Tcpip] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip] with subkey [Parameters] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a20d0 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a20d0 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) 
init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Netlogon] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon] with subkey [Parameters] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a20d0 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a1b88 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKU] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKU] with subkey [NULL] [2008/07/16 17:09:10, 5] 
lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B5500 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2ac8 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B5500 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B5500 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2ac8 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B5500 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKCR] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKCR] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B435200 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a4b80 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B435200 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B435200 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a4b80 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B435200 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKPD] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKPD] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 
[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B504400 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a4bc0 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B504400 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B504400 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a4bc0 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B504400 [2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKPT] [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKPT] with subkey [NULL] [2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B505400 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a1530 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B505400 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B505400 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a1530 [2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B505400 [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:regdb_fetch_values(868) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [Samba Printer Port], len: 2 [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:regdb_fetch_values(868) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers] [2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [DefaultSpoolDirectory], len: 70 [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:regdb_fetch_values(868) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [DisplayName], len: 20 [2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [ErrorControl], len: 4 [2008/07/16 17:09:10, 10] registry/reg_backend_db.c:regdb_fetch_values(868) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [DisplayName], len: 20 [2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [ErrorControl], len: 4 [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0xb8017c20 for key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0xb8017c20 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) 
reghook_cache_add: Adding ops 0xb8017c20 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0xb8017c60 for key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0xb8017b40 for key [/HKLM/SOFTWARE/Samba/smbconf] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SOFTWARE/Samba/smbconf] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0xb8017ca0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0xb8017ce0 for 
key [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0xb8017d20 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0xb8017d60 for key [/HKPT] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKPT] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0xb8017da0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0xb8017de0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) 
pathtree_add: Enter [2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] to tree [2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/07/16 17:09:11, 10] passdb/lookup_sid.c:uid_to_sid(1306) uid 0 -> sid S-1-22-1 [2008/07/16 17:09:11, 10] passdb/lookup_sid.c:gid_to_sid(1335) gid 0 -> sid S-1-22-2 [2008/07/16 17:09:11, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-22-1 [2008/07/16 17:09:11, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-544 -> gid 150256 [2008/07/16 17:09:11, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-545 -> gid 150257 [2008/07/16 17:09:11, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/16 17:09:11, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/16 17:09:11, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/16 17:09:11, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:11, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:11, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (1) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key 
[/HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. 
[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. 
[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. 
[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. 
[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Spooler] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Spooler] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [NETLOGON] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [NETLOGON] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [RemoteRegistry] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [RemoteRegistry] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [WINS] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [WINS] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. 
[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (1) [2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (0) [2008/07/16 17:09:11, 10] printing/nt_printing.c:update_c_setprinter(737) update_c_setprinter: c_setprinter = 0 [2008/07/16 17:09:11, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/MACROSCOOP.NL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2008/07/16 17:09:11, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for MACROSCOOP.NL: "Default-First-Site-Name" [2008/07/16 17:09:11, 6] libads/ldap.c:ads_find_dc(318) ads_find_dc: looking for realm 'MACROSCOOP.NL' [2008/07/16 17:09:11, 8] libsmb/namequery.c:get_sorted_dc_list(2093) get_sorted_dc_list: attempting lookup for name MACROSCOOP.NL (sitename Default-First-Site-Name) using [ads] [2008/07/16 17:09:11, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/MACROSCOOP.NL, value = 62.177.168.231, timeout = Wed Jul 16 17:24:11 2008 [2008/07/16 17:09:11, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "62.177.168.231" for "MACROSCOOP.NL" domain [2008/07/16 17:09:11, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "62.177.168.231, *" [2008/07/16 17:09:11, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up MACROSCOOP.NL#1c (sitename 
Default-First-Site-Name) [2008/07/16 17:09:11, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/MACROSCOOP.NL#1C, value = 62.177.168.231:389,[2001:7b8:3cf:0:20c:76ff:fe29:35b0]:389,62.177.168.234:389,[2001:7b8:3cf:0:207:e9ff:fe3f:86b]:389, timeout = Wed Jul 16 17:16:01 2008 [2008/07/16 17:09:11, 5] libsmb/namecache.c:namecache_fetch(233) name MACROSCOOP.NL#1C found. [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/16 17:09:11, 8] libsmb/namequery.c:get_dc_list(1930) Adding 4 DC's from auto lookup [2008/07/16 17:09:11, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/07/16 17:09:11, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 4 ip addresses in an ordered list [2008/07/16 17:09:11, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 62.177.168.231:389 
2001:7b8:3cf:0:20c:76ff:fe29:35b0:389 62.177.168.234:389 2001:7b8:3cf:0:207:e9ff:fe3f:86b:389 [2008/07/16 17:09:11, 5] libads/ldap.c:ads_try_connect(188) ads_try_connect: sending CLDAP request to 62.177.168.231 (realm: MACROSCOOP.NL) r : union nbt_cldap_netlogon(case 6) logon5: struct nbt_cldap_netlogon_5 type : NETLOGON_RESPONSE_FROM_PDC2 (23) sbz : 0x0000 (0) server_type : 0x000001f8 (504) 0: NBT_SERVER_PDC 0: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 domain_uuid : 70310d83-1b97-4488-89ae-9669a4dbe6bc forest : 'macroscoop.nl' dns_domain : 'macroscoop.nl' pdc_dns_name : 'dou.macroscoop.nl' domain : 'MACROSCOOP' pdc_name : 'DOU' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' nt_version : 0x00000005 (5) 1: NETLOGON_VERSION_1 0: NETLOGON_VERSION_5 1: NETLOGON_VERSION_5EX 0: NETLOGON_VERSION_5EX_WITH_IP 0: NETLOGON_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_VERSION_AVOID_NT4_EMUL 0: NETLOGON_VERSION_PDC 0: NETLOGON_VERSION_IP 0: NETLOGON_VERSION_LOCAL 0: NETLOGON_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2008/07/16 17:09:11, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [MACROSCOOP], sitename = [Default-First-Site-Name], expire = [2147483647] [2008/07/16 17:09:11, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/MACROSCOOP; value = Default-First-Site-Name and timeout = Tue Jan 19 04:14:07 2038 (931262696 seconds ahead) [2008/07/16 17:09:11, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [macroscoop.nl], sitename = [Default-First-Site-Name], expire = [2147483647] [2008/07/16 17:09:11, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/MACROSCOOP.NL; value = Default-First-Site-Name and timeout 
= Tue Jan 19 04:14:07 2038 (931262696 seconds ahead) [2008/07/16 17:09:11, 3] libads/ldap.c:ads_connect(430) Successfully contacted LDAP server 62.177.168.231 [2008/07/16 17:09:11, 10] libads/ldap.c:ldap_open_with_timeout(62) Opening connection to LDAP server 'dou.macroscoop.nl:389', timeout 15 seconds [2008/07/16 17:09:11, 10] libads/ldap.c:ldap_open_with_timeout(76) Connected to LDAP server 'dou.macroscoop.nl:389' [2008/07/16 17:09:11, 3] libads/ldap.c:ads_connect(480) Connected to LDAP server dou.macroscoop.nl [2008/07/16 17:09:11, 10] libads/ldap.c:ads_closest_dc(155) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2008/07/16 17:09:11, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [MACROSCOOP], server = [62.177.168.231], expire = [1216221851] [2008/07/16 17:09:11, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/MACROSCOOP; value = 62.177.168.231 and timeout = Wed Jul 16 17:24:11 2008 (900 seconds ahead) [2008/07/16 17:09:11, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [MACROSCOOP.NL], server = [62.177.168.231], expire = [1216221851] [2008/07/16 17:09:11, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/MACROSCOOP.NL; value = 62.177.168.231 and timeout = Wed Jul 16 17:24:11 2008 (900 seconds ahead) [2008/07/16 17:09:11, 4] libads/ldap.c:ads_current_time(2607) time offset is 0 seconds [2008/07/16 17:09:11, 4] libads/sasl.c:ads_sasl_bind(1112) Found SASL mechanism GSS-SPNEGO [2008/07/16 17:09:11, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/07/16 17:09:11, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/07/16 17:09:11, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/07/16 17:09:11, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/07/16 17:09:11, 3] 
libads/sasl.c:ads_sasl_spnego_bind(789) ads_sasl_spnego_bind: got server principal name = dou$@MACROSCOOP.NL [2008/07/16 17:09:11, 3] libsmb/clikrb5.c:ads_krb5_mk_req(657) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2008/07/16 17:09:11, 10] libads/sasl.c:ads_sasl_spnego_bind(810) ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit [2008/07/16 17:09:11, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) kerberos_kinit_password: as APPEL$@MACROSCOOP.NL using [MEMORY:prtpub_cache] as ccache and config [(null)] [2008/07/16 17:09:12, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(592) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Thu, 17 Jul 2008 03:09:11 CEST [2008/07/16 17:09:12, 10] libsmb/clikrb5.c:ads_krb5_mk_req(688) ads_krb5_mk_req: Ticket (dou$@MACROSCOOP.NL) in ccache (MEMORY:prtpub_cache) is valid until: (Thu, 17 Jul 2008 03:09:11 CEST - 1216256951) [2008/07/16 17:09:12, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(799) Got KRB5 session key of length 16 [2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_internal(4721) get_a_printer: [printers] level 2 [2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_2_default(4009) get_a_printer_2_default: driver name set to [] [2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1224) pulling printers location [2008/07/16 17:09:12, 10] printing/print_cups.c:cups_connect(64) connecting to cups server /var/run/cups/cups.sock:631 [2008/07/16 17:09:12, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 sec_io_desc_buf nt_printing_getsec [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 max_len: 000000c8 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 ptr : 00000001 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0008 len : 000000c8 [2008/07/16 17:09:12, 7] rpc_parse/parse_prs.c:prs_debug(88) 00000c sec_io_desc sec [2008/07/16 17:09:12, 5] 
rpc_parse/parse_prs.c:prs_uint16(689) 000c revision: 0001 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000e type : 8004 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 off_owner_sid: 000000a8 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 off_grp_sid : 000000b8 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0018 off_sacl : 00000000 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 001c off_dacl : 00000014 [2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) 0000b4 smb_io_dom_sid owner_sid [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b4 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b5 num_auths : 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b6 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b7 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b8 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b9 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00ba id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00bb id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 00bc sub_auths : 00000020 00000220 [2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) 000020 sec_io_acl dacl [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 revision: 0002 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 size : 0094 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 num_aces : 00000005 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 000028 sec_io_ace ace_list[00]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0029 flags: 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 
002a size : 0014 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 002c access_mask: 20020008 [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 num_auths : 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0034 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0035 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0036 id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0037 id_auth[5] : 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0038 sub_auths : 00000000 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 00003c sec_io_ace ace_list[01]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003c type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003d flags: 09 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003e size : 0024 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 access_mask: 100f000c [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 000044 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0044 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0045 num_auths : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0046 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0047 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 id_auth[3] : 00 [2008/07/16 17:09:12, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) 004a id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 004c sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 000060 sec_io_ace ace_list[02]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0060 type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0061 flags: 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0062 size : 0024 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0064 access_mask: 100f000c [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 000068 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0068 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0069 num_auths : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006a id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006b id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006c id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006d id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006e id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006f id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0070 sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 000084 sec_io_ace ace_list[03]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0084 type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0085 flags: 09 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0086 size : 0018 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0088 access_mask: 100f000c [2008/07/16 
17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 00008c smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008c sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008d num_auths : 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008e id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008f id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0090 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0091 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0092 id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0093 id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0094 sub_auths : 00000020 00000220 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 00009c sec_io_ace ace_list[04]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009c type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009d flags: 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 009e size : 0018 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 00a0 access_mask: 100f000c [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 0000a4 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a4 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a5 num_auths : 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a6 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a7 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a8 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a9 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00aa id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00ab 
id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 00ac sub_auths : 00000020 00000220 [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5668) secdesc_ctr for printers has 5 aces: [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-1-0 0 2 0x20020008 [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-21-995976282-251809560-1267956476-500 0 9 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-21-995976282-251809560-1267956476-500 0 2 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-32-544 0 9 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-32-544 0 2 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_internal(4721) get_a_printer: [zetahack] level 2 [2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_2_default(4009) get_a_printer_2_default: driver name set to [] [2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1224) pulling zetahack location [2008/07/16 17:09:12, 10] printing/print_cups.c:cups_connect(64) connecting to cups server /var/run/cups/cups.sock:631 [2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1312) cups_pull_comment_location: Using cups location: [2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1300) cups_pull_comment_location: Using cups comment: Zetafax hack [2008/07/16 17:09:12, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 sec_io_desc_buf nt_printing_getsec [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 max_len: 000000c8 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 ptr : 00000001 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0008 len : 000000c8 [2008/07/16 17:09:12, 7] rpc_parse/parse_prs.c:prs_debug(88) 00000c sec_io_desc sec [2008/07/16 17:09:12, 5] 
rpc_parse/parse_prs.c:prs_uint16(689) 000c revision: 0001 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000e type : 8004 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 off_owner_sid: 000000a8 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 off_grp_sid : 000000b8 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0018 off_sacl : 00000000 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 001c off_dacl : 00000014 [2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) 0000b4 smb_io_dom_sid owner_sid [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b4 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b5 num_auths : 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b6 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b7 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b8 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b9 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00ba id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00bb id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 00bc sub_auths : 00000020 00000220 [2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) 000020 sec_io_acl dacl [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 revision: 0002 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 size : 0094 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 num_aces : 00000005 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 000028 sec_io_ace ace_list[00]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0029 flags: 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 
002a size : 0014 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 002c access_mask: 20020008 [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 num_auths : 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0034 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0035 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0036 id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0037 id_auth[5] : 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0038 sub_auths : 00000000 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 00003c sec_io_ace ace_list[01]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003c type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003d flags: 09 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003e size : 0024 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 access_mask: 100f000c [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 000044 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0044 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0045 num_auths : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0046 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0047 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 id_auth[3] : 00 [2008/07/16 17:09:12, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) 004a id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 004c sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 000060 sec_io_ace ace_list[02]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0060 type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0061 flags: 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0062 size : 0024 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0064 access_mask: 100f000c [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 000068 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0068 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0069 num_auths : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006a id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006b id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006c id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006d id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006e id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006f id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0070 sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 000084 sec_io_ace ace_list[03]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0084 type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0085 flags: 09 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0086 size : 0018 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0088 access_mask: 100f000c [2008/07/16 
17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 00008c smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008c sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008d num_auths : 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008e id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008f id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0090 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0091 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0092 id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0093 id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0094 sub_auths : 00000020 00000220 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 00009c sec_io_ace ace_list[04]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009c type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009d flags: 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 009e size : 0018 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 00a0 access_mask: 100f000c [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 0000a4 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a4 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a5 num_auths : 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a6 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a7 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a8 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a9 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00aa id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00ab 
id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 00ac sub_auths : 00000020 00000220 [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5668) secdesc_ctr for zetahack has 5 aces: [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-1-0 0 2 0x20020008 [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-21-995976282-251809560-1267956476-500 0 9 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-21-995976282-251809560-1267956476-500 0 2 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-32-544 0 9 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-32-544 0 2 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_internal(4721) get_a_printer: [Cups-PDF] level 2 [2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_2_default(4009) get_a_printer_2_default: driver name set to [] [2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1224) pulling Cups-PDF location [2008/07/16 17:09:12, 10] printing/print_cups.c:cups_connect(64) connecting to cups server /var/run/cups/cups.sock:631 [2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1312) cups_pull_comment_location: Using cups location: [2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1300) cups_pull_comment_location: Using cups comment: Cups-PDF [2008/07/16 17:09:12, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 sec_io_desc_buf nt_printing_getsec [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 max_len: 000000c8 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 ptr : 00000001 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0008 len : 000000c8 [2008/07/16 17:09:12, 7] rpc_parse/parse_prs.c:prs_debug(88) 00000c sec_io_desc sec [2008/07/16 17:09:12, 5] 
rpc_parse/parse_prs.c:prs_uint16(689) 000c revision: 0001 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000e type : 8004 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 off_owner_sid: 000000a8 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 off_grp_sid : 000000b8 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0018 off_sacl : 00000000 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 001c off_dacl : 00000014 [2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) 0000b4 smb_io_dom_sid owner_sid [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b4 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b5 num_auths : 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b6 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b7 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b8 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b9 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00ba id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00bb id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 00bc sub_auths : 00000020 00000220 [2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) 000020 sec_io_acl dacl [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 revision: 0002 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 size : 0094 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 num_aces : 00000005 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 000028 sec_io_ace ace_list[00]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0029 flags: 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 
002a size : 0014 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 002c access_mask: 20020008 [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 num_auths : 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0034 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0035 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0036 id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0037 id_auth[5] : 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0038 sub_auths : 00000000 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 00003c sec_io_ace ace_list[01]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003c type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003d flags: 09 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003e size : 0024 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 access_mask: 100f000c [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 000044 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0044 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0045 num_auths : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0046 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0047 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 id_auth[3] : 00 [2008/07/16 17:09:12, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) 004a id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 004c sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 000060 sec_io_ace ace_list[02]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0060 type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0061 flags: 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0062 size : 0024 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0064 access_mask: 100f000c [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 000068 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0068 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0069 num_auths : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006a id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006b id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006c id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006d id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006e id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006f id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0070 sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 000084 sec_io_ace ace_list[03]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0084 type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0085 flags: 09 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0086 size : 0018 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0088 access_mask: 100f000c [2008/07/16 
17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 00008c smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008c sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008d num_auths : 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008e id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008f id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0090 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0091 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0092 id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0093 id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0094 sub_auths : 00000020 00000220 [2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) 00009c sec_io_ace ace_list[04]: [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009c type : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009d flags: 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) 009e size : 0018 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) 00a0 access_mask: 100f000c [2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) 0000a4 smb_io_dom_sid trustee [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a4 sid_rev_num: 01 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a5 num_auths : 02 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a6 id_auth[0] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a7 id_auth[1] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a8 id_auth[2] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a9 id_auth[3] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00aa id_auth[4] : 00 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00ab 
id_auth[5] : 05 [2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 00ac sub_auths : 00000020 00000220 [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5668) secdesc_ctr for Cups-PDF has 5 aces: [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-1-0 0 2 0x20020008 [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-21-995976282-251809560-1267956476-500 0 9 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-21-995976282-251809560-1267956476-500 0 2 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-32-544 0 9 0x100f000c [2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-32-544 0 2 0x100f000c [2008/07/16 17:09:12, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/16 17:09:12, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/16 17:09:12, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/16 17:09:12, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:12, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:12, 6] passdb/pdb_interface.c:pdb_getsampwsid(273) pdb_getsampwsid: Building guest account [2008/07/16 17:09:12, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username nobody, was [2008/07/16 17:09:12, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Nobody, was [2008/07/16 17:09:12, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain APPEL, was [2008/07/16 17:09:12, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-1277291749-436816279-1941180597-501 [2008/07/16 17:09:12, 10] 
passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1277291749-436816279-1941180597-501 from rid 501 [2008/07/16 17:09:12, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:12, 10] lib/system_smbd.c:sys_getgrouplist(122) sys_getgrouplist: user [nobody] [2008/07/16 17:09:12, 10] passdb/lookup_sid.c:gid_to_sid(1335) gid 99 -> sid S-1-22-2-99 [2008/07/16 17:09:12, 5] auth/auth_util.c:make_server_info_sam(622) make_server_info_sam: made server info for user nobody -> nobody [2008/07/16 17:09:12, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-5-21-1277291749-436816279-1941180597-501 [2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-544 -> gid 150256 [2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-545 -> gid 150257 [2008/07/16 17:09:12, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/16 17:09:12, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/16 17:09:12, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/16 17:09:12, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:12, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:12, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1413) sid S-1-22-2-99 -> gid 99 [2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-1-0 [2008/07/16 17:09:12, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-1-0 to gid, ignoring it [2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-2 [2008/07/16 17:09:12, 10] 
auth/auth_util.c:create_local_token(727) Could not convert SID S-1-5-2 to gid, ignoring it [2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-32-546 [2008/07/16 17:09:12, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-5-32-546 to gid, ignoring it [2008/07/16 17:09:12, 10] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-1277291749-436816279-1941180597-501 contains 5 SIDs SID[ 0]: S-1-5-21-1277291749-436816279-1941180597-501 SID[ 1]: S-1-22-2-99 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/16 17:09:12, 3] printing/printing.c:start_background_queue(1397) start_background_queue: Starting background LPQ thread [2008/07/16 17:09:12, 5] printing/printing.c:start_background_queue(1407) [2008/07/16 17:09:12, 10] lib/util_sock.c:open_socket_in(1280) start_background_queue: background LPQ thread started bind succeeded on port 445 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 0 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/07/16 17:09:12, 5] smbd/connection.c:claim_connection(142) [2008/07/16 17:09:12, 5] 
lib/util_sock.c:print_socket_options(781) claiming [smbd lpq backend] socket option SO_SNDBUF = 16384 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 Locking key BE300000FFFFFFFF736D [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) Allocated locked data 0x0xb95abe60 socket option SO_REUSEADDR = 1 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) [2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) socket option TCP_NODELAY = 1 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 Unlocking key BE300000FFFFFFFF736D [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) [2008/07/16 17:09:12, 5] printing/printing.c:start_background_queue(1424) socket option IPTOS_THROUGHPUT = 0 start_background_queue: background LPQ thread waiting for messages [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) 
socket option SO_SNDBUF = 16384 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/07/16 17:09:12, 2] lib/util_sock.c:open_socket_in(1267) bind failed on port 445 socket_addr = 0.0.0.0. Error = Address already in use [2008/07/16 17:09:12, 5] smbd/connection.c:claim_connection(142) claiming [] [2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key B9300000FFFFFFFF0000 [2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95abe60 [2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key B9300000FFFFFFFF0000 [2008/07/16 17:09:12, 2] smbd/server.c:open_sockets_smbd(580) waiting for a connection [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option 
IPTOS_THROUGHPUT = 0 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/07/16 
17:09:17, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/07/16 17:09:17, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 [2008/07/16 17:09:17, 3] smbd/oplock.c:init_oplocks(875) init_oplocks: initializing messages. [2008/07/16 17:09:17, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(241) Linux kernel oplocks enabled [2008/07/16 17:09:17, 10] lib/events.c:event_add_timed(128) Added timed event "idle_evt(keepalive)": b95af0a8 [2008/07/16 17:09:17, 10] lib/events.c:event_add_timed(128) Added timed event "idle_evt(deadtime)": b95af248 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 133 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x85 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 0 of length 137 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBnegprot (pid 12479) conn 0x0 [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:17, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [PC NETWORK PROGRAM 1.0] [2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN1.0] [2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [Windows for Workgroups 3.1a] [2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LM1.2X002] [2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN2.1] [2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LM 0.12] [2008/07/16 17:09:17, 10] lib/util.c:set_remote_arch(2201) set_remote_arch: Client arch is 'Win2K' [2008/07/16 17:09:17, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 [2008/07/16 17:09:17, 5] smbd/connection.c:claim_connection(142) claiming [] [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key BF300000FFFFFFFF0000 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95af900 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key BF300000FFFFFFFF0000 [2008/07/16 17:09:17, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 [2008/07/16 17:09:17, 10] 
lib/util.c:name_to_fqdn(2956) name_to_fqdn: lookup for APPEL -> APPEL.macroscoop.nl. [2008/07/16 17:09:17, 3] smbd/negprot.c:reply_nt1(392) using SPNEGO [2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(673) Selected protocol NT LM 0.12 [2008/07/16 17:09:17, 5] smbd/negprot.c:reply_negprot(680) negprot index=5 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=183 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=48896 (0xBF00) smb_vwv[ 8]= 48 (0x30) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=22796 (0x590C) smb_vwv[13]=21994 (0x55EA) smb_vwv[14]=51431 (0xC8E7) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=114 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 61 70 70 65 6C 00 00 00 00 00 00 00 00 00 00 00 appel... ........ [010] 60 60 06 06 2B 06 01 05 05 02 A0 56 30 54 A0 24 ``..+... ...V0T.$ [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [040] 37 02 02 0A A3 2C 30 2A A0 28 1B 26 63 69 66 73 7....,0* .(.&cifs [050] 2F 61 70 70 65 6C 2E 6D 61 63 72 6F 73 63 6F 6F /appel.m acroscoo [060] 70 2E 6E 6C 40 4D 41 43 52 4F 53 43 4F 4F 50 2E p.nl@MAC ROSCOOP. 
[070] 4E 4C NL [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 1696 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x6a0 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 1 of length 1700 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=1696 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 1696 (0x6A0) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 1534 (0x5FE) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=1637 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226)
length = 1534 [2008/07/16 17:09:17, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) parse_spnego_mechanisms: Got OID 1 2 840 48018 1 2 2 [2008/07/16 17:09:17, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) parse_spnego_mechanisms: Got OID 1 2 840 113554 1 2 2 [2008/07/16 17:09:17, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2008/07/16 17:09:17, 3] smbd/sesssetup.c:reply_spnego_negotiate(800) reply_spnego_negotiate: Got secblob of size 1468 [2008/07/16 17:09:17, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(273) ads_secrets_verify_ticket: enc type [23] decrypted message !
[2008/07/16 17:09:17, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(799) Got KRB5 session key of length 16 [2008/07/16 17:09:17, 3] libads/authdata.c:decode_pac_data(301) Found account name from PAC: pim [Pim Zandbergen] [2008/07/16 17:09:17, 10] libads/authdata.c:decode_pac_data(303) Successfully validated Kerberos PAC [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 63 A5 BF 77 9A D0 51 E8 AA 6E 40 14 47 62 A1 45 c..w..Q. .n@.Gb.E [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 73 20 FA 89 E2 C4 67 E9 5B 70 C4 89 20 A7 E9 45 s ....g. [p.. ..E pac_data: struct PAC_DATA num_buffers : 0x00000004 (4) version : 0x00000000 (0) buffers: ARRAY(4) buffers: struct PAC_BUFFER type : PAC_TYPE_LOGON_INFO (1) _ndr_size : 0x000002f8 (760) info : * info : union PAC_INFO(case 1) logon_info: struct PAC_LOGON_INFO_CTR unknown1 : 0x00081001 (528385) unknown2 : 0xcccccccc (3435973836) _ndr_size : 0x000002e8 (744) unknown3 : 0x00000000 (0) info : * info: struct PAC_LOGON_INFO info3: struct netr_SamInfo3 base: struct netr_SamBaseInfo last_logon : Wed 16 Jul 2008 04:34:16 PM CEST CEST last_logoff : Tue 19 Jan 2038 04:14:07 AM CET CET acct_expiry : Tue 19 Jan 2038 04:14:07 AM CET CET last_password_change : Thu 14 Sep 2006 06:46:55 PM CEST CEST allow_password_change : Thu 14 Sep 2006 06:46:55 PM CEST CEST force_password_change : Tue 19 Jan 2038 04:14:07 AM CET CET account_name: struct lsa_String length : 0x0006 (6) size : 0x0006 (6) string : * string : 'pim' full_name: struct lsa_String length : 0x001c (28) size : 0x001c (28) string : * string : 'Pim Zandbergen' logon_script: struct lsa_String length : 0x0010 (16) size : 0x0010 (16) string : * string : 'test.bat' profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' logon_count : 0x0d89 (3465) 
bad_password_count : 0x0000 (0) rid : 0x000003ed (1005) primary_gid : 0x00000200 (512) groups: struct samr_RidWithAttributeArray count : 0x00000004 (4) rids : * rids: ARRAY(4) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000200 (512) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x0000077b (1915) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000d90 (3472) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000020 (32) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 0: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 00000000000000000000000000000000 logon_server: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'DOU' domain: struct lsa_StringLarge length : 0x0014 (20) size : 0x0016 (22) string : * string : 'MACROSCOOP' domain_sid : * domain_sid : S-1-5-21-995976282-251809560-1267956476 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000210 (528) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: 
ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 1: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD unknown: ARRAY(7) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) sidcount : 0x00000007 (7) sids : * sids: ARRAY(7) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-1209 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-3497 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-3475 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-3471 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-3485 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 
0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-1165 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-3429 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) res_group_dom_sid : NULL res_groups: struct samr_RidWithAttributeArray count : 0x00000000 (0) rids : NULL _pad : 0x00000000 (0) buffers: struct PAC_BUFFER type : PAC_TYPE_LOGON_NAME (10) _ndr_size : 0x00000010 (16) info : * info : union PAC_INFO(case 10) logon_name: struct PAC_LOGON_NAME logon_time : Wed 16 Jul 2008 04:34:17 PM CEST CEST size : 0x0006 (6) account_name : 'pim' _pad : 0x00000000 (0) buffers: struct PAC_BUFFER type : PAC_TYPE_SRV_CHECKSUM (6) _ndr_size : 0x00000014 (20) info : * info : union PAC_INFO(case 6) srv_cksum: struct PAC_SIGNATURE_DATA type : 0xffffff76 (4294967158) signature : DATA_BLOB length=16 _pad : 0x00000000 (0) buffers: struct PAC_BUFFER type : PAC_TYPE_KDC_CHECKSUM (7) _ndr_size : 0x00000014 (20) info : * info : union PAC_INFO(case 7) kdc_cksum: struct PAC_SIGNATURE_DATA type : 0xffffff76 (4294967158) signature : DATA_BLOB length=16 _pad : 0x00000000 (0) [2008/07/16 17:09:17, 3] smbd/sesssetup.c:reply_spnego_kerberos(356) Ticket name is [pim@MACROSCOOP.NL] [2008/07/16 17:09:17, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(139) netsamlogon_cache_store: SID [S-1-5-21-995976282-251809560-1267956476-1005] &r: struct netsamlogoncache_entry timestamp : Wed 16 Jul 2008 05:09:17 PM CEST CEST info3: struct netr_SamInfo3 base: struct netr_SamBaseInfo last_logon : Wed 16 Jul 2008 04:34:16 PM CEST CEST last_logoff : Tue 19 Jan 2038 04:14:07 
AM CET CET acct_expiry : Tue 19 Jan 2038 04:14:07 AM CET CET last_password_change : Thu 14 Sep 2006 06:46:55 PM CEST CEST allow_password_change : Thu 14 Sep 2006 06:46:55 PM CEST CEST force_password_change : Tue 19 Jan 2038 04:14:07 AM CET CET account_name: struct lsa_String length : 0x0006 (6) size : 0x0006 (6) string : * string : 'pim' full_name: struct lsa_String length : 0x001c (28) size : 0x001c (28) string : * string : 'Pim Zandbergen' logon_script: struct lsa_String length : 0x0010 (16) size : 0x0010 (16) string : * string : 'test.bat' profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' logon_count : 0x0d89 (3465) bad_password_count : 0x0000 (0) rid : 0x000003ed (1005) primary_gid : 0x00000200 (512) groups: struct samr_RidWithAttributeArray count : 0x00000004 (4) rids : * rids: ARRAY(4) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000200 (512) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x0000077b (1915) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000d90 (3472) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: 
SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000020 (32) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 0: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 00000000000000000000000000000000 logon_server: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'DOU' domain: struct lsa_StringLarge length : 0x0014 (20) size : 0x0016 (22) string : * string : 'MACROSCOOP' domain_sid : * domain_sid : S-1-5-21-995976282-251809560-1267956476 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000210 (528) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 1: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD unknown: ARRAY(7) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) sidcount : 0x00000007 (7) sids : * sids: ARRAY(7) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-1209 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-3497 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: 
SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-3475 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-3471 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-3485 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-1165 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) sids: struct netr_SidAttr sid : * sid : S-1-5-21-995976282-251809560-1267956476-3429 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) [2008/07/16 17:09:17, 10] smbd/sesssetup.c:reply_spnego_kerberos(402) Mapped to [MACROSCOOP] (using PAC) [2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user MACROSCOOP\pim [2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is macroscoop\pim [2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [MACROSCOOP\pim]! 
[2008/07/16 17:09:17, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 [2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user MACROSCOOP\pim [2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is macroscoop\pim [2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [MACROSCOOP\pim]! [2008/07/16 17:09:17, 5] auth/auth_util.c:fill_sam_account(1376) fill_sam_account: located username was [MACROSCOOP\pim] [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username pim, was [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name , was [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain APPEL, was [2008/07/16 17:09:17, 4] lib/substitute.c:automount_server(500) Home server: appel [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\appel\pim\profile, was [2008/07/16 17:09:17, 4] lib/substitute.c:automount_server(500) Home server: appel [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\appel\pim, was [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive , was NULL [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script , was [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-1277291749-436816279-1941180597-301244 [2008/07/16 17:09:17, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1277291749-436816279-1941180597-301244 from rid 301244 [2008/07/16 17:09:17, 10] 
passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username pim, was [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username pim, was pim [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain MACROSCOOP, was APPEL [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-995976282-251809560-1267956476-1005 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-512 -> gid 150004 [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_group_sid(567) pdb_set_group_sid: setting group sid S-1-5-21-995976282-251809560-1267956476-512 [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Pim Zandbergen, was [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script test.bat, was [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path , was \\appel\pim\profile [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was \\appel\pim [2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive , was [2008/07/16 17:09:17, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-5-21-995976282-251809560-1267956476-1005 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-544 -> gid 150256 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-545 -> gid 150257 [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/16 17:09:17, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - 
sec_ctx_stack_ndx = 1 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-1005] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-513] [2008/07/16 17:09:17, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-11] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-512] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-1915] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3472] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-1209] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3497] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3475] [2008/07/16 17:09:17, 3] 
lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3471] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3485] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-1165] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3429] [2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-32-545] [2008/07/16 17:09:17, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-513 -> gid 150000 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-1-0 [2008/07/16 17:09:17, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-1-0 to gid, ignoring it [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-2 [2008/07/16 17:09:17, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-5-2 to gid, ignoring it [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-11 [2008/07/16 17:09:17, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-5-11 to gid, ignoring it [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-512 -> gid 150004 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-1915 -> gid 150009 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid 
S-1-5-21-995976282-251809560-1267956476-3472 -> gid 150152 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-1209 -> gid 150005 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-3497 -> gid 150189 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-3475 -> gid 150153 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-3471 -> gid 150154 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-3485 -> gid 150188 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-1165 -> gid 150006 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-995976282-251809560-1267956476-3429 -> gid 150007 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-545 -> gid 150257 [2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-544 -> gid 150256 [2008/07/16 17:09:17, 10] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 contains 17 SIDs SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 SID[ 15]: 
S-1-5-32-545 SID[ 16]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/16 17:09:17, 10] smbd/password.c:register_initial_vuid(188) register_initial_vuid: allocated vuid = 101 [2008/07/16 17:09:17, 10] smbd/password.c:register_existing_vuid(310) register_existing_vuid: (150122,150004) MACROSCOOP\pim pim MACROSCOOP guest=0 [2008/07/16 17:09:17, 3] smbd/password.c:register_existing_vuid(314) register_existing_vuid: User name: MACROSCOOP\pim Real name: Pim Zandbergen [2008/07/16 17:09:17, 3] smbd/password.c:register_existing_vuid(326) register_existing_vuid: UNIX uid 150122 is UNIX user MACROSCOOP\pim, and will be vuid 101 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F31323437392F31 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a7ff0 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 49442F31323437392F31 [2008/07/16 17:09:17, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: couldn't find MACROSCOOP\pim [2008/07/16 17:09:17, 3] smbd/password.c:register_existing_vuid(350) Adding homes service for user 'MACROSCOOP\pim' using home directory: '/home/pim' [2008/07/16 17:09:17, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 6 for pim [2008/07/16 17:09:17, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 6 for service name pim [2008/07/16 17:09:17, 3] param/loadparm.c:lp_add_home(5858) adding home's share [pim] for user 'MACROSCOOP\pim' at '/home/pim' [2008/07/16 17:09:17, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=264 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 
(0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 151 (0x97) smb_bcc=221 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] A1 81 94 30 81 91 A0 03 0A 01 00 A1 0B 06 09 2A ...0.... .......* [010] 86 48 82 F7 12 01 02 02 A2 7D 04 7B 60 79 06 09 .H...... .}.{`y.. [020] 2A 86 48 86 F7 12 01 02 02 02 00 6F 6A 30 68 A0 *.H..... ...oj0h. [030] 03 02 01 05 A1 03 02 01 0F A2 5C 30 5A A0 03 02 ........ ..\0Z... [040] 01 17 A2 53 04 51 C9 2B D3 DA CE 21 0B 63 D5 E5 ...S.Q.+ ...!.c.. [050] 2C 9E 71 12 DF DB 1F D8 E2 D1 D6 35 C7 82 7A EC ,.q..... ...5..z. [060] F3 CA 1B 4C 71 11 FD C9 C8 45 FC 21 38 AE 83 5E ...Lq... .E.!8..^ [070] 32 CF 17 AD 0D A7 9C 50 CA 71 26 85 34 10 C1 5C 2......P .q&.4..\ [080] 1E EB F1 7A 69 2C E2 B3 44 74 49 39 5C DF 99 D1 ...zi,.. DtI9\... [090] 4A A1 D6 DD D4 3B 86 55 00 6E 00 69 00 78 00 00 J....;.U .n.i.x.. [0A0] 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 00 2E .S.a.m.b .a. .3.. [0B0] 00 32 00 2E 00 30 00 2D 00 31 00 37 00 2E 00 66 .2...0.- .1.7...f [0C0] 00 63 00 39 00 00 00 4D 00 41 00 43 00 52 00 4F .c.9...M .A.C.R.O [0D0] 00 53 00 43 00 4F 00 4F 00 50 00 00 00 .S.C.O.O .P... [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 76 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x4c [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 2 of length 80 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 5C 00 41 00 50 00 50 00 45 00 4C 00 5C .\.\.A.P .P.E.L.\ [010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [020] 00 . 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtconX (pid 12479) conn 0x0 [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:17, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:17, 4] smbd/reply.c:reply_tcon_and_X(653) Client requested device type [?????] for share [IPC$] [2008/07/16 17:09:17, 5] smbd/service.c:make_connection(1376) making a connection to 'normal' service ipc$ [2008/07/16 17:09:17, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user MACROSCOOP\pim [2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user MACROSCOOP\pim [2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is macroscoop\pim [2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [MACROSCOOP\pim]! [2008/07/16 17:09:17, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /tmp [2008/07/16 17:09:17, 3] smbd/service.c:make_connection_snum(936) Connect path is '/tmp' for service [IPC$] [2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. 
[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 se_access_check: also S-1-5-32-545 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/07/16 17:09:17, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. 
[2008/07/16 17:09:17, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2008/07/16 17:09:17, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend '/[Default VFS]/' [2008/07/16 17:09:17, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for posixacl [2008/07/16 17:09:17, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend 'posixacl' [2008/07/16 17:09:17, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2008/07/16 17:09:17, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module 
/[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] 
smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation 
type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default 
VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 
43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation 
type 52 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] 
smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation 
type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default 
VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 
90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation 
type 99 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2008/07/16 17:09:17, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key BF300000010000004950 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95b00a0 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key BF300000010000004950 [2008/07/16 17:09:17, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user MACROSCOOP\pim [2008/07/16 17:09:17, 10] smbd/share_access.c:is_share_read_only_for_token(273) is_share_read_only_for_user: share IPC$ is read-only for unix user MACROSCOOP\pim [2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. 
[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 se_access_check: also S-1-5-32-545 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2008/07/16 17:09:17, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. 
[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (150122, 150004) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 contains 17 SIDs SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 SID[ 15]: S-1-5-32-545 SID[ 16]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 150122 Primary group is 150004 and contains 13 supplementary groups Group[ 0]: 150000 Group[ 1]: 150004 Group[ 2]: 150009 Group[ 3]: 150152 Group[ 4]: 150005 Group[ 5]: 150189 Group[ 6]: 150153 Group[ 7]: 150154 Group[ 8]: 150188 Group[ 9]: 150006 Group[ 10]: 150007 Group[ 11]: 150257 Group[ 12]: 150256 [2008/07/16 17:09:17, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(150122,150122) gid=(0,150004) [2008/07/16 17:09:17, 3] smbd/service.c:make_connection_snum(1190) __ffff_62.177.168.80 (::ffff:62.177.168.80) connect to service IPC$ initially as user MACROSCOOP\pim (uid=150122, gid=150004) (pid 12479) [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:17, 5] 
auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:17, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:17, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=IPC$ [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=128 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 49 50 43 00 00 00 00 IPC.... [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 3 of length 104 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=192 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 
63 00 00 .\.w.k.s .s.v.c.. [010] 00 . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (150122, 150004) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 contains 17 SIDs SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 SID[ 15]: S-1-5-32-545 SID[ 16]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 150122 Primary group is 150004 and contains 13 supplementary groups Group[ 0]: 150000 Group[ 1]: 150004 Group[ 2]: 150009 Group[ 3]: 150152 Group[ 4]: 150005 Group[ 5]: 150189 Group[ 6]: 150153 Group[ 7]: 150154 Group[ 8]: 150188 Group[ 9]: 150006 Group[ 10]: 150007 Group[ 11]: 150257 Group[ 12]: 150256 [2008/07/16 17:09:17, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(150122,150122) gid=(0,150004) [2008/07/16 17:09:17, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to /tmp [2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 
0x0, fname = wkssvc [2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \wkssvc. [2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe wkssvc opening. [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested wkssvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested wkssvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe wkssvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe wkssvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe wkssvc with handle 77a2 (pipes_open=1) [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name wkssvc pnum=77a2 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 776B737376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a5eb8 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 776B737376632F313234 [2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \wkssvc [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=192 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=41472 (0xA200) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 
(0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 4 of length 140 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=256 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30626 (0x77A2) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a2 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a2 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a2 name: wkssvc open: Yes len: 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 
1553 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 6bffd098 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : a112 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 3610 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : 98 33 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 46 c3 f8 7e 34 5a [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\wkssvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc checking \PIPE\wkssvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\wkssvc. 
[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 
[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=77a2 nwritten=72 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=256 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 5 of length 63 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30626 (0x77A2) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a2 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a2 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a2 name: wkssvc len: 1024 [2008/07/16 17:09:17, 10] 
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=77a2 min=1024 max=1024 nread=68 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 00 wkssvc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 144 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x90 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 6 of length 148 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=384 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30626 (0x77A2) smb_bcc=77 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 00 00 00 00 02 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p [040] 00 70 00 65 00 6C 00 00 00 64 00 00 00 .p.e.l.. .d... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=60 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a2 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a2 (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "wkssvc" (pnum 77a2) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb95aa570 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a2 name: wkssvc open: Yes len: 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 003c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000024 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0000 
[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[0].fn == 0xb7ba2020 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\appel' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'APPEL' domain_name : * domain_name : 'MACROSCOOP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called wkssvc successfully [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 37 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 44 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a2 name: wkssvc len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0074 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000005c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..116] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=384 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 
(0x0) smb_bcc=117 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [040] 00 41 00 50 00 50 00 45 00 4C 00 00 00 0B 00 00 .A.P.P.E .L...... [050] 00 00 00 00 00 0B 00 00 00 4D 00 41 00 43 00 52 ........ .M.A.C.R [060] 00 4F 00 53 00 43 00 4F 00 4F 00 50 00 00 00 00 .O.S.C.O .O.P.... [070] 00 00 00 00 00 ..... [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 7 of length 45 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=448 smt_wct=3 smb_vwv[ 0]=30626 (0x77A2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a2 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a2 (pipes_open=1) [2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:77a2 [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name wkssvc pnum=77a2 (pipes_open=0) 
[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 776B737376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab350 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 776B737376632F313234 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=448 smt_wct=0 smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 8 of length 104 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=512 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc [2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \srvsvc. [2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe srvsvc opening. [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested srvsvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested srvsvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe srvsvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe srvsvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe srvsvc with handle 77a3 (pipes_open=1) [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name srvsvc pnum=77a3 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 7372767376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab140 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 7372767376632F313234 [2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \srvsvc [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 
17:09:17, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=512 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=41728 (0xA300) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 9 of length 140 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=576 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30627 (0x77A3) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/07/16 17:09:17, 10] 
lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a3 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a3 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a3 name: srvsvc open: Yes len: 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 
5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 
1553 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 4b324fc8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1670 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 01d3 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : 12 78 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 5a 47 bf 6e e1 88 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000003 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\srvsvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\srvsvc. 
[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 
[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=77a3 nwritten=72 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=576 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 10 of length 63 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=640 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30627 (0x77A3) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a3 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a3 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a3 name: srvsvc len: 1024 [2008/07/16 17:09:17, 10] 
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=77a3 min=1024 max=1024 nread=68 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=640 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 144 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x90 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 11 of length 148 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=704 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30627 (0x77A3) smb_bcc=77 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 15 00 00 00 02 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p [040] 00 70 00 65 00 6C 00 00 00 65 00 00 00 .p.e.l.. .e... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=60 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a3 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a3 (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "srvsvc" (pnum 77a3) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb95ac9e0 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a3 name: srvsvc open: Yes len: 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 003c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000024 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0015 
[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRVSVC_NETSRVGETINFO [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[21].fn == 0xb7bcf550 srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo in: struct srvsvc_NetSrvGetInfo server_unc : * server_unc : '\\appel' level : 0x00000065 (101) [2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1041) _srvsvc_NetSrvGetInfo: 1041 [2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1117) _srvsvc_NetSrvGetInfo: 1117 srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo out: struct srvsvc_NetSrvGetInfo info : * info : union srvsvc_NetSrvInfo(case 101) info101 : * info101: struct srvsvc_NetSrvInfo101 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'APPEL' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) server_type : 0x00809b23 (8428323) 1: SV_TYPE_WORKSTATION 1: SV_TYPE_SERVER 0: SV_TYPE_SQLSERVER 0: SV_TYPE_DOMAIN_CTRL 0: SV_TYPE_DOMAIN_BAKCTRL 1: SV_TYPE_TIME_SOURCE 0: SV_TYPE_AFP 0: SV_TYPE_NOVELL 1: SV_TYPE_DOMAIN_MEMBER 1: SV_TYPE_PRINTQ_SERVER 0: SV_TYPE_DIALIN_SERVER 1: SV_TYPE_SERVER_UNIX 1: SV_TYPE_NT 0: SV_TYPE_WFW 0: SV_TYPE_SERVER_MFPN 1: SV_TYPE_SERVER_NT 0: SV_TYPE_POTENTIAL_BROWSER 0: SV_TYPE_BACKUP_BROWSER 0: SV_TYPE_MASTER_BROWSER 0: SV_TYPE_DOMAIN_MASTER 0: SV_TYPE_SERVER_OSF 0: SV_TYPE_SERVER_VMS 0: SV_TYPE_WIN95_PLUS 1: SV_TYPE_DFS_SERVER 0: SV_TYPE_ALTERNATE_XPORT 0: SV_TYPE_LOCAL_LIST_ONLY 0: SV_TYPE_DOMAIN_ENUM comment : * comment : 'Fedora 9 - Samba 3.2.0-17.fc9' result : WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called srvsvc successfully [2008/07/16 17:09:17, 3] 
rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 24 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 44 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a3 name: srvsvc len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 132. [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 009c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000084 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) 
copy_trans_params_and_data: params[0..0] data[0..156] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=704 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 156 (0x9C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 156 (0x9C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=157 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 9C 00 00 00 01 00 00 ........ ........ [010] 00 84 00 00 00 00 00 00 00 65 00 00 00 00 00 02 ........ .e...... [020] 00 F4 01 00 00 04 00 02 00 04 00 00 00 09 00 00 ........ ........ [030] 00 23 9B 80 00 08 00 02 00 06 00 00 00 00 00 00 .#...... ........ [040] 00 06 00 00 00 41 00 50 00 50 00 45 00 4C 00 00 .....A.P .P.E.L.. [050] 00 1E 00 00 00 00 00 00 00 1E 00 00 00 46 00 65 ........ .....F.e [060] 00 64 00 6F 00 72 00 61 00 20 00 39 00 20 00 2D .d.o.r.a . .9. .- [070] 00 20 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 . .S.a.m .b.a. .3 [080] 00 2E 00 32 00 2E 00 30 00 2D 00 31 00 37 00 2E ...2...0 .-.1.7.. [090] 00 66 00 63 00 39 00 00 00 00 00 00 00 .f.c.9.. ..... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 12 of length 45 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=768 smt_wct=3 smb_vwv[ 0]=30627 (0x77A3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a3 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a3 (pipes_open=1) [2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:77a3 [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name srvsvc pnum=77a3 (pipes_open=0) [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 7372767376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab350 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 7372767376632F313234 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=768 smt_wct=0 smb_bcc=0 [2008/07/16 17:09:17, 10] 
lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 13 of length 104 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=832 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [010] 00 . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc [2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \wkssvc. [2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe wkssvc opening. 
[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested wkssvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested wkssvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe wkssvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe wkssvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe wkssvc with handle 77a4 (pipes_open=1) [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name wkssvc pnum=77a4 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 776B737376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95af040 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 776B737376632F313234 [2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \wkssvc [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=832 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=41984 (0xA400) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 
(0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 14 of length 140 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=896 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30628 (0x77A4) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a4 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a4 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a4 name: wkssvc open: Yes len: 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 
1553 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 6bffd098 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : a112 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 3610 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : 98 33 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 46 c3 f8 7e 34 5a [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\wkssvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc checking \PIPE\wkssvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\wkssvc. 
[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 
[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=77a4 nwritten=72 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=896 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 15 of length 63 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=960 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30628 (0x77A4) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a4 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a4 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a4 name: wkssvc len: 1024 [2008/07/16 17:09:17, 10] 
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=77a4 min=1024 max=1024 nread=68 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=960 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 00 wkssvc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 144 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x90 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 16 of length 148 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=1024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30628 (0x77A4) smb_bcc=77 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 00 00 00 00 02 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p [040] 00 70 00 65 00 6C 00 00 00 64 00 00 00 .p.e.l.. .d... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=60 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a4 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a4 (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "wkssvc" (pnum 77a4) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb953eeb0 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a4 name: wkssvc open: Yes len: 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 003c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000024 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0000 
[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[0].fn == 0xb7ba2020 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\appel' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'APPEL' domain_name : * domain_name : 'MACROSCOOP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called wkssvc successfully [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 37 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 44 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a4 name: wkssvc len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0074 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000005c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..116] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=1024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 
(0x0) smb_bcc=117 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [040] 00 41 00 50 00 50 00 45 00 4C 00 00 00 0B 00 00 .A.P.P.E .L...... [050] 00 00 00 00 00 0B 00 00 00 4D 00 41 00 43 00 52 ........ .M.A.C.R [060] 00 4F 00 53 00 43 00 4F 00 4F 00 50 00 00 00 00 .O.S.C.O .O.P.... [070] 00 00 00 00 00 ..... [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 17 of length 45 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1088 smt_wct=3 smb_vwv[ 0]=30628 (0x77A4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a4 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a4 (pipes_open=1) [2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:77a4 [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name wkssvc pnum=77a4 (pipes_open=0) 
[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 776B737376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab350 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 776B737376632F313234 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1088 smt_wct=0 smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 18 of length 104 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=1152 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc [2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \srvsvc. [2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe srvsvc opening. [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested srvsvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested srvsvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe srvsvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe srvsvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe srvsvc with handle 77a5 (pipes_open=1) [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name srvsvc pnum=77a5 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 7372767376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a6788 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 7372767376632F313234 [2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \srvsvc [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 
17:09:17, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=1152 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=42240 (0xA500) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 19 of length 140 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1216 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30629 (0x77A5) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/07/16 17:09:17, 10] 
lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a5 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a5 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a5 name: srvsvc open: Yes len: 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 
5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 
1553 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 4b324fc8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1670 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 01d3 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : 12 78 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 5a 47 bf 6e e1 88 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000003 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\srvsvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\srvsvc. 
[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 
[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=77a5 nwritten=72 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1216 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 20 of length 63 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1280 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30629 (0x77A5) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a5 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a5 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a5 name: srvsvc len: 1024 [2008/07/16 17:09:17, 10] 
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=77a5 min=1024 max=1024 nread=68 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1280 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 168 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xa8 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 21 of length 172 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=1344 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 84 (0x54) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 84 (0x54) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30629 (0x77A5) smb_bcc=101 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 54 00 00 00 01 00 00 ........ .T...... [020] 00 3C 00 00 00 00 00 0F 00 00 00 02 00 08 00 00 .<...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p [040] 00 70 00 65 00 6C 00 00 00 01 00 00 00 01 00 00 .p.e.l.. ........ [050] 00 04 00 02 00 00 00 00 00 00 00 00 00 FF FF FF ........ ........ [060] FF 00 00 00 00 ..... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=84 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a5 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a5 (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "srvsvc" (pnum 77a5) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb95ac9e0 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a5 name: srvsvc open: Yes len: 84 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 84 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 84 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 84, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 68 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 68 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0054 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 68 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 68, incoming data = 68 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000003c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 000f 
[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: srvsvc op 0xf - api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[15].fn == 0xb7bd0190 srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll in: struct srvsvc_NetShareEnumAll server_unc : * server_unc : '\\appel' info_ctr : * info_ctr: struct srvsvc_NetShareInfoCtr level : 0x00000001 (1) ctr : union srvsvc_NetShareCtr(case 1) ctr1 : * ctr1: struct srvsvc_NetShareCtr1 count : 0x00000000 (0) array : NULL max_buffer : 0xffffffff (4294967295) resume_handle : NULL [2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetShareEnumAll(1283) _srvsvc_NetShareEnumAll: 1283 [2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(499) init_srv_share_info_ctr [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(150122, 150004) : sec_ctx_stack_ndx = 1 [2008/07/16 17:09:17, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:17, 8] smbd/service.c:load_registry_shares(298) load_registry_shares() [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (150122, 150004) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(514) NOT counting service homes [2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(514) NOT 
counting service printers [2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(514) NOT counting service print$ [2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(511) counting service IPC$ [2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(511) counting service zetahack [2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(511) counting service Cups-PDF [2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(511) counting service pim [2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetShareEnumAll(1297) _srvsvc_NetShareEnumAll: 1297 srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll out: struct srvsvc_NetShareEnumAll info_ctr : * info_ctr: struct srvsvc_NetShareInfoCtr level : 0x00000001 (1) ctr : union srvsvc_NetShareCtr(case 1) ctr1 : * ctr1: struct srvsvc_NetShareCtr1 count : 0x00000004 (4) array : * array: ARRAY(4) array: struct srvsvc_NetShareInfo1 name : * name : 'IPC$' type : STYPE_IPC_HIDDEN (0x80000003) comment : * comment : 'IPC Service (Fedora 9 - Samba 3.2.0-17.fc9)' array: struct srvsvc_NetShareInfo1 name : * name : 'zetahack' type : STYPE_PRINTQ (0x1) comment : * comment : 'Zetafax hack' array: struct srvsvc_NetShareInfo1 name : * name : 'Cups-PDF' type : STYPE_PRINTQ (0x1) comment : * comment : 'Cups-PDF' array: struct srvsvc_NetShareInfo1 name : * name : 'pim' type : STYPE_DISKTREE (0x0) comment : * comment : 'Home Directories' totalentries : * totalentries : 0x00000004 (4) resume_handle : NULL result : WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called srvsvc successfully [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 222 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 68 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) 
read_from_pipe: 77a5 name: srvsvc len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 412. [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 01b4 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000019c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..436] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=492 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 
smb_mid=1344 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 436 (0x1B4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 436 (0x1B4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=437 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 B4 01 00 00 01 00 00 ........ ........ [010] 00 9C 01 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ [020] 00 00 00 02 00 04 00 00 00 04 00 02 00 04 00 00 ........ ........ [030] 00 08 00 02 00 03 00 00 80 0C 00 02 00 10 00 02 ........ ........ [040] 00 01 00 00 00 14 00 02 00 18 00 02 00 01 00 00 ........ ........ [050] 00 1C 00 02 00 20 00 02 00 00 00 00 00 24 00 02 ..... .. .....$.. [060] 00 05 00 00 00 00 00 00 00 05 00 00 00 49 00 50 ........ .....I.P [070] 00 43 00 24 00 00 00 00 00 2C 00 00 00 00 00 00 .C.$.... .,...... [080] 00 2C 00 00 00 49 00 50 00 43 00 20 00 53 00 65 .,...I.P .C. .S.e [090] 00 72 00 76 00 69 00 63 00 65 00 20 00 28 00 46 .r.v.i.c .e. .(.F [0A0] 00 65 00 64 00 6F 00 72 00 61 00 20 00 39 00 20 .e.d.o.r .a. .9. [0B0] 00 2D 00 20 00 53 00 61 00 6D 00 62 00 61 00 20 .-. .S.a .m.b.a. [0C0] 00 33 00 2E 00 32 00 2E 00 30 00 2D 00 31 00 37 .3...2.. .0.-.1.7 [0D0] 00 2E 00 66 00 63 00 39 00 29 00 00 00 09 00 00 ...f.c.9 .)...... [0E0] 00 00 00 00 00 09 00 00 00 7A 00 65 00 74 00 61 ........ .z.e.t.a [0F0] 00 68 00 61 00 63 00 6B 00 00 00 00 00 0D 00 00 .h.a.c.k ........ [100] 00 00 00 00 00 0D 00 00 00 5A 00 65 00 74 00 61 ........ .Z.e.t.a [110] 00 66 00 61 00 78 00 20 00 68 00 61 00 63 00 6B .f.a.x. .h.a.c.k [120] 00 00 00 00 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........ [130] 00 43 00 75 00 70 00 73 00 2D 00 50 00 44 00 46 .C.u.p.s .-.P.D.F [140] 00 00 00 00 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........ [150] 00 43 00 75 00 70 00 73 00 2D 00 50 00 44 00 46 .C.u.p.s .-.P.D.F [160] 00 00 00 00 00 04 00 00 00 00 00 00 00 04 00 00 ........ ........ 
[170] 00 70 00 69 00 6D 00 00 00 11 00 00 00 00 00 00 .p.i.m.. ........ [180] 00 11 00 00 00 48 00 6F 00 6D 00 65 00 20 00 44 .....H.o .m.e. .D [190] 00 69 00 72 00 65 00 63 00 74 00 6F 00 72 00 69 .i.r.e.c .t.o.r.i [1A0] 00 65 00 73 00 00 00 00 00 04 00 00 00 00 00 00 .e.s.... ........ [1B0] 00 00 00 00 00 ..... [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 22 of length 45 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1408 smt_wct=3 smb_vwv[ 0]=30629 (0x77A5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a5 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a5 (pipes_open=1) [2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:77a5 [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name srvsvc pnum=77a5 (pipes_open=0) [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 7372767376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab350 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 
7372767376632F313234 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1408 smt_wct=0 smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 102 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x66 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 23 of length 106 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=1472 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [010] 00 00 00 ... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \spoolss. [2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe spoolss opening. [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested spoolss (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested spoolss [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe spoolss [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe spoolss [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe spoolss (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe spoolss with handle 77a6 (pipes_open=1) [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name spoolss pnum=77a6 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 73706F6F6C73732F3132 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2aa8 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 73706F6F6C73732F3132 [2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \spoolss [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) 
[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=1472 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=42496 (0xA600) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 24 of length 140 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1536 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30630 (0x77A6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/07/16 17:09:17, 
10] lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a6 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name spoolss pnum=77a6 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a6 name: spoolss open: Yes len: 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 
1553 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345678 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ab [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\spoolss checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc checking \PIPE\wkssvc checking \PIPE\winreg checking \PIPE\spoolss [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000e [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\spoolss. 
[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_results [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 
[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=77a6 nwritten=72 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1536 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 25 of length 63 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1600 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30630 (0x77A6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a6 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name spoolss pnum=77a6 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a6 name: spoolss len: 1024 [2008/07/16 17:09:17, 10] 
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=77a6 min=1024 max=1024 nread=68 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1600 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 73 70 6F 6F 6C 73 73 00 01 00 00 00 00 00 00 00 spoolss. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 248 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xf8 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 26 of length 252 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=248 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=1664 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 164 (0xA4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 164 (0xA4) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30630 (0x77A6) smb_bcc=181 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 A4 00 00 00 01 00 00 ........ ........ [020] 00 8C 00 00 00 00 00 45 00 00 00 02 00 08 00 00 .......E ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p [040] 00 70 00 65 00 6C 00 00 00 00 00 00 00 00 00 00 .p.e.l.. ........ [050] 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ [060] 00 04 00 02 00 1C 00 00 00 08 00 02 00 0C 00 02 ........ ........ [070] 00 28 0A 00 00 03 00 00 00 00 00 00 00 00 00 02 .(...... ........ [080] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 5C 00 5C ........ .....\.\ [090] 00 54 00 49 00 54 00 49 00 41 00 41 00 4E 00 00 .T.I.T.I .A.A.N.. [0A0] 00 04 00 00 00 00 00 00 00 04 00 00 00 70 00 69 ........ .....p.i [0B0] 00 6D 00 00 00 .m... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=164 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a6 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name spoolss pnum=77a6 (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "spoolss" (pnum 77a6) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb952de20 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a6 name: spoolss open: Yes len: 164 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 164 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 164 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 164, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 148 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 148 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a4 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 148 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 148, incoming data = 148 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000008c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 
opnum : 0045 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 72 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\spoolss [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[1].fn == 0xb7bd8430 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 spoolss_io_q_open_printer_ex [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 ptr: 00020000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000004 smb_io_unistr2 printername [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 uni_max_len: 00000008 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0008 offset : 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c uni_str_len: 00000008 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:dbg_rw_punival(950) 0010 buffer : \.\.a.p.p.e.l... 
[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 spoolss_io_printer_default [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 datatype_ptr: 00000000 [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_unistr2 - NULL datatype [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 spoolss_io_devmode_cont [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 size: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0028 devmode_ptr: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 002c access_required: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 user_switch: 00000001 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 spool_io_user_level [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 level: 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0038 ptr: 00020004 [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 00003c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c size: 0000001c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 ptr: 00020008 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 ptr: 0002000c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0048 build: 00000a28 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c major: 00000003 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0050 minor: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0054 processor: 00020000 [2008/07/16 17:09:17, 8] rpc_parse/parse_prs.c:prs_debug(88) 000058 smb_io_unistr2 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0058 uni_max_len: 0000000a [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 005c offset : 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0060 uni_str_len: 0000000a 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:dbg_rw_punival(950) 0064 buffer : \.\.T.I.T.I.A.A.N... [2008/07/16 17:09:17, 8] rpc_parse/parse_prs.c:prs_debug(88) 000078 smb_io_unistr2 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0078 uni_max_len: 00000004 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 007c offset : 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0080 uni_str_len: 00000004 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:dbg_rw_punival(950) 0084 buffer : p.i.m... checking name: \\appel [2008/07/16 17:09:17, 10] rpc_server/srv_spoolss_nt.c:open_printer_hnd(580) open_printer_hnd: name [\\appel] [2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. [010] BF 30 00 00 .0.. [2008/07/16 17:09:17, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(415) Setting printer type=\\appel Printer is a print server [2008/07/16 17:09:17, 4] rpc_server/srv_spoolss_nt.c:set_printer_hnd_name(454) Setting printer name=\\appel (len=7) [2008/07/16 17:09:17, 5] rpc_server/srv_spoolss_nt.c:open_printer_hnd(615) 1 printer handles active [2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. [010] BF 30 00 00 .0.. 
[2008/07/16 17:09:17, 4] rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1667) Setting print server access = SERVER_ACCESS_ENUMERATE [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 spoolss_io_r_open_printer_ex [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_pol_hnd printer handle [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 handle_type: 00000000 [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000004 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 data : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 data : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a data : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000c data : 7e 48 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000e data : 1d 0f bf 30 00 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_werror(838) 0014 status code: WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called spoolss successfully [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 120 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 148 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a6 name: spoolss len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=1664 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 
(0x0) smb_bcc=49 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 7E 48 1D 0F BF 30 00 00 00 00 00 .....~H. ..0..... [030] 00 . [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 128 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x80 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 27 of length 132 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=1728 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30630 (0x77A6) smb_bcc=61 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 02 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 7E 48 1D 0F BF 30 00 00 .....~H. ..0.. 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=44 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a6 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name spoolss pnum=77a6 (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "spoolss" (pnum 77a6) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb952de20 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a6 name: spoolss open: Yes len: 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000014 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum 
: 001d [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\spoolss [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[3].fn == 0xb7bd8040 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 spoolss_io_q_closeprinter [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_pol_hnd printer handle [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 handle_type: 00000000 [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000004 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 data : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 data : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a data : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000c data : 7e 48 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000e data : 1d 0f bf 30 00 00 [2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. [010] BF 30 00 00 .0.. [2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. [010] BF 30 00 00 .0.. [2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. [010] BF 30 00 00 .0.. 
[2008/07/16 17:09:17, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 spoolss_io_r_closeprinter [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_pol_hnd printer handle [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 handle_type: 00000000 [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000004 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 data : 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 data : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a data : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000c data : 00 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000e data : 00 00 00 00 00 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_werror(838) 0014 status: WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called spoolss successfully [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 28 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a6 name: spoolss len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=432 smb_uid=101 smb_mid=1728 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 
(0x0) smb_bcc=49 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 28 of length 45 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1792 smt_wct=3 smb_vwv[ 0]=30630 (0x77A6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a6 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name spoolss pnum=77a6 (pipes_open=1) [2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:77a6 [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe spoolss [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name spoolss pnum=77a6 (pipes_open=0) [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 73706F6F6C73732F3132 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab350 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 73706F6F6C73732F3132 
[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1792 smt_wct=0 smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 29 of length 104 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=1856 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [010] 00 . 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc [2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \wkssvc. [2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe wkssvc opening. [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested wkssvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested wkssvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe wkssvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe wkssvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe wkssvc with handle 77a7 (pipes_open=1) [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name wkssvc pnum=77a7 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 776B737376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab140 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 776B737376632F313234 [2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \wkssvc [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 
17:09:17, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=1856 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=42752 (0xA700) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 30 of length 140 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1920 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30631 (0x77A7) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/07/16 17:09:17, 10] 
lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a7 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a7 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a7 name: wkssvc open: Yes len: 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 
5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 
1553 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 6bffd098 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : a112 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 3610 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : 98 33 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 46 c3 f8 7e 34 5a [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\wkssvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc checking \PIPE\wkssvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\wkssvc. 
[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 
[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=77a7 nwritten=72 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1920 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 31 of length 63 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1984 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30631 (0x77A7) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a7 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a7 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a7 name: wkssvc len: 1024 [2008/07/16 17:09:17, 10] 
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=77a7 min=1024 max=1024 nread=68 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1984 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 00 wkssvc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 144 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x90 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 32 of length 148 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2048 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30631 (0x77A7) smb_bcc=77 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 00 00 00 00 02 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p [040] 00 70 00 65 00 6C 00 00 00 64 00 00 00 .p.e.l.. .d... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=60 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a7 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a7 (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "wkssvc" (pnum 77a7) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb95aab90 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a7 name: wkssvc open: Yes len: 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 003c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000024 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0000 
[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[0].fn == 0xb7ba2020 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\appel' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'APPEL' domain_name : * domain_name : 'MACROSCOOP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called wkssvc successfully [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 37 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 44 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a7 name: wkssvc len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0074 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000005c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..116] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2048 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 
(0x0) smb_bcc=117 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [040] 00 41 00 50 00 50 00 45 00 4C 00 00 00 0B 00 00 .A.P.P.E .L...... [050] 00 00 00 00 00 0B 00 00 00 4D 00 41 00 43 00 52 ........ .M.A.C.R [060] 00 4F 00 53 00 43 00 4F 00 4F 00 50 00 00 00 00 .O.S.C.O .O.P.... [070] 00 00 00 00 00 ..... [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 33 of length 45 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=3 smb_vwv[ 0]=30631 (0x77A7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a7 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a7 (pipes_open=1) [2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:77a7 [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name wkssvc pnum=77a7 (pipes_open=0) 
[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 776B737376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab350 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 776B737376632F313234 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=0 smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 34 of length 104 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2176 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc [2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \srvsvc. [2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe srvsvc opening. [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested srvsvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested srvsvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe srvsvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe srvsvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe srvsvc with handle 77a8 (pipes_open=1) [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name srvsvc pnum=77a8 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 7372767376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a6788 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 7372767376632F313234 [2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \srvsvc [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 
17:09:17, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2176 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=43008 (0xA800) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 35 of length 140 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2240 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30632 (0x77A8) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/07/16 17:09:17, 10] 
lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a8 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a8 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a8 name: srvsvc open: Yes len: 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 
5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 
1553 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 4b324fc8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1670 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 01d3 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : 12 78 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 5a 47 bf 6e e1 88 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000003 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\srvsvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\srvsvc. 
[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 
[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=77a8 nwritten=72 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2240 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 36 of length 63 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2304 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30632 (0x77A8) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a8 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a8 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a8 name: srvsvc len: 1024 [2008/07/16 17:09:17, 10] 
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=77a8 min=1024 max=1024 nread=68 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2304 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 144 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x90 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 37 of length 148 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2368 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30632 (0x77A8) smb_bcc=77 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 15 00 00 00 02 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p [040] 00 70 00 65 00 6C 00 00 00 65 00 00 00 .p.e.l.. .e... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=60 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a8 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a8 (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "srvsvc" (pnum 77a8) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb95ab590 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a8 name: srvsvc open: Yes len: 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 003c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000024 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0015 
[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRVSVC_NETSRVGETINFO [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[21].fn == 0xb7bcf550 srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo in: struct srvsvc_NetSrvGetInfo server_unc : * server_unc : '\\appel' level : 0x00000065 (101) [2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1041) _srvsvc_NetSrvGetInfo: 1041 [2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1117) _srvsvc_NetSrvGetInfo: 1117 srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo out: struct srvsvc_NetSrvGetInfo info : * info : union srvsvc_NetSrvInfo(case 101) info101 : * info101: struct srvsvc_NetSrvInfo101 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'APPEL' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) server_type : 0x00809b23 (8428323) 1: SV_TYPE_WORKSTATION 1: SV_TYPE_SERVER 0: SV_TYPE_SQLSERVER 0: SV_TYPE_DOMAIN_CTRL 0: SV_TYPE_DOMAIN_BAKCTRL 1: SV_TYPE_TIME_SOURCE 0: SV_TYPE_AFP 0: SV_TYPE_NOVELL 1: SV_TYPE_DOMAIN_MEMBER 1: SV_TYPE_PRINTQ_SERVER 0: SV_TYPE_DIALIN_SERVER 1: SV_TYPE_SERVER_UNIX 1: SV_TYPE_NT 0: SV_TYPE_WFW 0: SV_TYPE_SERVER_MFPN 1: SV_TYPE_SERVER_NT 0: SV_TYPE_POTENTIAL_BROWSER 0: SV_TYPE_BACKUP_BROWSER 0: SV_TYPE_MASTER_BROWSER 0: SV_TYPE_DOMAIN_MASTER 0: SV_TYPE_SERVER_OSF 0: SV_TYPE_SERVER_VMS 0: SV_TYPE_WIN95_PLUS 1: SV_TYPE_DFS_SERVER 0: SV_TYPE_ALTERNATE_XPORT 0: SV_TYPE_LOCAL_LIST_ONLY 0: SV_TYPE_DOMAIN_ENUM comment : * comment : 'Fedora 9 - Samba 3.2.0-17.fc9' result : WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called srvsvc successfully [2008/07/16 17:09:17, 3] 
rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 24 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 44 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a8 name: srvsvc len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 132. [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 009c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000084 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) 
copy_trans_params_and_data: params[0..0] data[0..156] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2368 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 156 (0x9C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 156 (0x9C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=157 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 9C 00 00 00 01 00 00 ........ ........ [010] 00 84 00 00 00 00 00 00 00 65 00 00 00 00 00 02 ........ .e...... [020] 00 F4 01 00 00 04 00 02 00 04 00 00 00 09 00 00 ........ ........ [030] 00 23 9B 80 00 08 00 02 00 06 00 00 00 00 00 00 .#...... ........ [040] 00 06 00 00 00 41 00 50 00 50 00 45 00 4C 00 00 .....A.P .P.E.L.. [050] 00 1E 00 00 00 00 00 00 00 1E 00 00 00 46 00 65 ........ .....F.e [060] 00 64 00 6F 00 72 00 61 00 20 00 39 00 20 00 2D .d.o.r.a . .9. .- [070] 00 20 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 . .S.a.m .b.a. .3 [080] 00 2E 00 32 00 2E 00 30 00 2D 00 31 00 37 00 2E ...2...0 .-.1.7.. [090] 00 66 00 63 00 39 00 00 00 00 00 00 00 .f.c.9.. ..... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 38 of length 45 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=3 smb_vwv[ 0]=30632 (0x77A8) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a8 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77a8 (pipes_open=1) [2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:77a8 [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name srvsvc pnum=77a8 (pipes_open=0) [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 7372767376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab350 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 7372767376632F313234 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=0 smb_bcc=0 [2008/07/16 17:09:17, 10] 
lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 39 of length 104 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2496 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [010] 00 . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc [2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \wkssvc. [2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe wkssvc opening. 
[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested wkssvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested wkssvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe wkssvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe wkssvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe wkssvc with handle 77a9 (pipes_open=1) [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name wkssvc pnum=77a9 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 776B737376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab140 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 776B737376632F313234 [2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \wkssvc [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2496 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=43264 (0xA900) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 
(0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 40 of length 140 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2560 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30633 (0x77A9) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a9 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a9 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a9 name: wkssvc open: Yes len: 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 
1553 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 6bffd098 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : a112 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 3610 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : 98 33 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 46 c3 f8 7e 34 5a [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\wkssvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc checking \PIPE\wkssvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\wkssvc. 
[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 
[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=77a9 nwritten=72 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2560 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 41 of length 63 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2624 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30633 (0x77A9) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a9 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a9 (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a9 name: wkssvc len: 1024 [2008/07/16 17:09:17, 10] 
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=77a9 min=1024 max=1024 nread=68 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2624 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 00 wkssvc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 144 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x90 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 42 of length 148 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2688 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30633 (0x77A9) smb_bcc=77 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 00 00 00 00 02 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p [040] 00 70 00 65 00 6C 00 00 00 64 00 00 00 .p.e.l.. .d... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=60 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a9 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a9 (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "wkssvc" (pnum 77a9) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb95aab90 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77a9 name: wkssvc open: Yes len: 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 003c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000024 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0000 
[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[0].fn == 0xb7ba2020 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\appel' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'APPEL' domain_name : * domain_name : 'MACROSCOOP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called wkssvc successfully [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 37 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 44 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77a9 name: wkssvc len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0074 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000005c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..116] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2688 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 
(0x0) smb_bcc=117 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [040] 00 41 00 50 00 50 00 45 00 4C 00 00 00 0B 00 00 .A.P.P.E .L...... [050] 00 00 00 00 00 0B 00 00 00 4D 00 41 00 43 00 52 ........ .M.A.C.R [060] 00 4F 00 53 00 43 00 4F 00 4F 00 50 00 00 00 00 .O.S.C.O .O.P.... [070] 00 00 00 00 00 ..... [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 43 of length 45 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2752 smt_wct=3 smb_vwv[ 0]=30633 (0x77A9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77a9 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name wkssvc pnum=77a9 (pipes_open=1) [2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:77a9 [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe wkssvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name wkssvc pnum=77a9 (pipes_open=0) 
[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 776B737376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab350 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 776B737376632F313234 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2752 smt_wct=0 smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 44 of length 104 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2816 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc [2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \srvsvc. [2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe srvsvc opening. [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested srvsvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested srvsvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe srvsvc [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe srvsvc (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe srvsvc with handle 77aa (pipes_open=1) [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name srvsvc pnum=77aa [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 7372767376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a2aa8 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 7372767376632F313234 [2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \srvsvc [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 
17:09:17, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=2816 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=43520 (0xAA00) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 45 of length 140 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2880 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30634 (0x77AA) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/07/16 17:09:17, 10] 
lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77aa [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77aa (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77aa name: srvsvc open: Yes len: 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 
5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 
1553 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 4b324fc8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1670 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 01d3 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : 12 78 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 5a 47 bf 6e e1 88 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000003 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\srvsvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\srvsvc. 
[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 
[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=77aa nwritten=72 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2880 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 46 of length 63 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2944 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30634 (0x77AA) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77aa [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77aa (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77aa name: srvsvc len: 1024 [2008/07/16 17:09:17, 10] 
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=77aa min=1024 max=1024 nread=68 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2944 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 144 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x90 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 47 of length 148 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=3008 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30634 (0x77AA) smb_bcc=77 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... [020] 00 24 00 00 00 00 00 15 00 00 00 02 00 08 00 00 .$...... ........ [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p [040] 00 70 00 65 00 6C 00 00 00 65 00 00 00 .p.e.l.. .e... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=60 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77aa [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77aa (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "srvsvc" (pnum 77aa) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb952de20 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77aa name: srvsvc open: Yes len: 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 003c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000024 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0015 
[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRVSVC_NETSRVGETINFO [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[21].fn == 0xb7bcf550 srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo in: struct srvsvc_NetSrvGetInfo server_unc : * server_unc : '\\appel' level : 0x00000065 (101) [2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1041) _srvsvc_NetSrvGetInfo: 1041 [2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1117) _srvsvc_NetSrvGetInfo: 1117 srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo out: struct srvsvc_NetSrvGetInfo info : * info : union srvsvc_NetSrvInfo(case 101) info101 : * info101: struct srvsvc_NetSrvInfo101 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'APPEL' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) server_type : 0x00809b23 (8428323) 1: SV_TYPE_WORKSTATION 1: SV_TYPE_SERVER 0: SV_TYPE_SQLSERVER 0: SV_TYPE_DOMAIN_CTRL 0: SV_TYPE_DOMAIN_BAKCTRL 1: SV_TYPE_TIME_SOURCE 0: SV_TYPE_AFP 0: SV_TYPE_NOVELL 1: SV_TYPE_DOMAIN_MEMBER 1: SV_TYPE_PRINTQ_SERVER 0: SV_TYPE_DIALIN_SERVER 1: SV_TYPE_SERVER_UNIX 1: SV_TYPE_NT 0: SV_TYPE_WFW 0: SV_TYPE_SERVER_MFPN 1: SV_TYPE_SERVER_NT 0: SV_TYPE_POTENTIAL_BROWSER 0: SV_TYPE_BACKUP_BROWSER 0: SV_TYPE_MASTER_BROWSER 0: SV_TYPE_DOMAIN_MASTER 0: SV_TYPE_SERVER_OSF 0: SV_TYPE_SERVER_VMS 0: SV_TYPE_WIN95_PLUS 1: SV_TYPE_DFS_SERVER 0: SV_TYPE_ALTERNATE_XPORT 0: SV_TYPE_LOCAL_LIST_ONLY 0: SV_TYPE_DOMAIN_ENUM comment : * comment : 'Fedora 9 - Samba 3.2.0-17.fc9' result : WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called srvsvc successfully [2008/07/16 17:09:17, 3] 
rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 24 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 44 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77aa name: srvsvc len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 132. [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 009c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000084 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) 
copy_trans_params_and_data: params[0..0] data[0..156] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=3008 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 156 (0x9C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 156 (0x9C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=157 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 9C 00 00 00 01 00 00 ........ ........ [010] 00 84 00 00 00 00 00 00 00 65 00 00 00 00 00 02 ........ .e...... [020] 00 F4 01 00 00 04 00 02 00 04 00 00 00 09 00 00 ........ ........ [030] 00 23 9B 80 00 08 00 02 00 06 00 00 00 00 00 00 .#...... ........ [040] 00 06 00 00 00 41 00 50 00 50 00 45 00 4C 00 00 .....A.P .P.E.L.. [050] 00 1E 00 00 00 00 00 00 00 1E 00 00 00 46 00 65 ........ .....F.e [060] 00 64 00 6F 00 72 00 61 00 20 00 39 00 20 00 2D .d.o.r.a . .9. .- [070] 00 20 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 . .S.a.m .b.a. .3 [080] 00 2E 00 32 00 2E 00 30 00 2D 00 31 00 37 00 2E ...2...0 .-.1.7.. [090] 00 66 00 63 00 39 00 00 00 00 00 00 00 .f.c.9.. ..... 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 48 of length 45 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3072 smt_wct=3 smb_vwv[ 0]=30634 (0x77AA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77aa [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name srvsvc pnum=77aa (pipes_open=1) [2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:77aa [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe srvsvc [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name srvsvc pnum=77aa (pipes_open=0) [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 7372767376632F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab350 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 7372767376632F313234 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3072 smt_wct=0 smb_bcc=0 [2008/07/16 17:09:17, 10] 
lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 49 of length 104 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=3136 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = winreg [2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \winreg. [2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe winreg opening. 
[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested winreg (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested winreg [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe winreg [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe winreg [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe winreg (pipes_open=0) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe winreg with handle 77ab (pipes_open=1) [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name winreg pnum=77ab [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 77696E7265672F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95a97e8 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 77696E7265672F313234 [2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \winreg [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=3136 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=43776 (0xAB00) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 
(0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:17, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 50 of length 140 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3200 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30635 (0x77AB) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 
1....8.. [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (150122, 150004) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 contains 17 SIDs SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 SID[ 15]: S-1-5-32-545 SID[ 16]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 150122 Primary group is 150004 and contains 13 supplementary groups Group[ 0]: 150000 Group[ 1]: 150004 Group[ 2]: 150009 Group[ 3]: 150152 Group[ 4]: 150005 Group[ 5]: 150189 Group[ 6]: 150153 Group[ 7]: 150154 Group[ 8]: 150188 Group[ 9]: 150006 Group[ 10]: 150007 Group[ 11]: 150257 Group[ 12]: 150256 [2008/07/16 17:09:17, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(150122,150122) gid=(0,150004) [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77ab [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name winreg pnum=77ab (pipes_open=1) [2008/07/16 
17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77ab name: winreg open: Yes len: 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) 
unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 338cd001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 2244 [2008/07/16 17:09:17, 5] 
rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 31f1 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : aa aa [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 90 00 38 00 10 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 
1608 [2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\winreg checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc checking \PIPE\wkssvc checking \PIPE\winreg [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\winreg. [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/16 17:09:17, 5] 
rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=77ab nwritten=72 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3200 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 51 of length 63 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 
smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3264 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30635 (0x77AB) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77ab [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name winreg pnum=77ab (pipes_open=1) [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77ab name: winreg len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=77ab min=1024 max=1024 nread=68 [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3264 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ 
[030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 120 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x78 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 52 of length 124 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=3328 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30635 (0x77AB) smb_bcc=53 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 00 00 02 00 C0 51 01 ........ ......Q. [030] 00 00 00 00 02 ..... 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=36 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77ab [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name winreg pnum=77ab (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "winreg" (pnum 77ab) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb953eeb0 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77ab name: winreg open: Yes len: 36 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 36 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 20 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0024 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 20 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000000c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0002 
[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\winreg [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: WINREG_OPENHKLM [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[2].fn == 0xb7b9ba50 winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : * system_name : 0x51c0 (20928) access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2008/07/16 17:09:17, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(150122, 150004) : sec_ctx_stack_ndx = 1 [2008/07/16 17:09:17, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (150122, 150004) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_open(409) regdb_open: refcount reset (1) [2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(130) 
reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] [2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. [2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 se_access_check: also S-1-5-32-545 se_access_check: also S-1-5-32-544 [2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. [010] BF 30 00 00 .0.. 
winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7e48-1d0fbf300000 result : WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called winreg successfully [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 20 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77ab name: winreg len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 
00000018 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=3328 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 7E 48 1D 0F BF 30 00 00 00 00 00 .....~H. ..0..... [030] 00 . 
[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 228 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xe4 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 53 of length 232 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=228 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=3392 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 144 (0x90) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30635 (0x77AB) smb_bcc=161 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 90 00 00 00 02 00 00 ........ ........ [020] 00 78 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 .x...... ........ [030] 00 00 00 00 00 7E 48 1D 0F BF 30 00 00 46 00 46 .....~H. ..0..F.F [040] 00 00 00 02 00 23 00 00 00 00 00 00 00 23 00 00 .....#.. .....#.. [050] 00 53 00 4F 00 46 00 54 00 57 00 41 00 52 00 45 .S.O.F.T .W.A.R.E [060] 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F .\.M.i.c .r.o.s.o [070] 00 66 00 74 00 5C 00 53 00 63 00 68 00 65 00 64 .f.t.\.S .c.h.e.d [080] 00 75 00 6C 00 69 00 6E 00 67 00 41 00 67 00 65 .u.l.i.n .g.A.g.e [090] 00 6E 00 74 00 00 00 9C B2 00 00 00 00 19 00 02 .n.t.... ........ [0A0] 00 . 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=144 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77ab [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name winreg pnum=77ab (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "winreg" (pnum 77ab) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb953eeb0 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77ab name: winreg open: Yes len: 144 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 144 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 144 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 144, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 128 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 128 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0090 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 128 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 128, incoming data = 128 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000078 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 
opnum : 000f [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\winreg [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: WINREG_OPENKEY [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[15].fn == 0xb7b99fd0 winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7e48-1d0fbf300000 keyname: struct winreg_String name_len : 0x0046 (70) name_size : 0x0046 (70) name : * name : 'SOFTWARE\Microsoft\SchedulingAgent' unknown : 0x00000000 (0) access_mask : 0x00020019 (131097) 1: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 1: KEY_ENUMERATE_SUB_KEYS 1: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. [010] BF 30 00 00 .0.. 
[2008/07/16 17:09:17, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SOFTWARE] [2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (1) [2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SOFTWARE] [2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SOFTWARE] [2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SOFTWARE] [2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. 
[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 se_access_check: also S-1-5-32-545 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:17, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:17, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Microsoft] [2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SOFTWARE/Microsoft] [2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SOFTWARE/Microsoft] [2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SOFTWARE/Microsoft] [2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. 
[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 se_access_check: also S-1-5-32-545 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/07/16 17:09:17, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. 
[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:17, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SchedulingAgent] [2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] [2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] [2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] [2008/07/16 17:09:17, 5] registry/reg_backend_db.c:regdb_fetch_keys(752) regdb_fetch_keys: tdb lookup failed to locate key [HKLM\SOFTWARE\Microsoft\SchedulingAgent] [2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (1) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_BADFILE [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called winreg successfully [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 128 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77ab name: winreg len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: 
winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=3392 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) 
smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [030] 00 . [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 128 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x80 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 54 of length 132 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=3456 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30635 (0x77AB) smb_bcc=61 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 7E 48 1D 0F BF 30 00 00 .....~H. ..0.. 
[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=44 params=0 setup=2 [2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77ab [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name winreg pnum=77ab (pipes_open=1) [2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "winreg" (pnum 77ab) [2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0xb953eeb0 max_trans_reply: 1024 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 77ab name: winreg open: Yes len: 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/16 
17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002c [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000014 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0005 
[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\winreg [2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: WINREG_CLOSEKEY [2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[5].fn == 0xb7b9b410 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7e48-1d0fbf300000 [2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. [010] BF 30 00 00 .0.. [2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. [010] BF 30 00 00 .0.. 
[2008/07/16 17:09:17, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (0) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called winreg successfully [2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 28 [2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 77ab name: winreg len: 1024 [2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1560 smb_uid=101 smb_mid=3456 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 
(0x0) smb_bcc=49 [2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) Transaction 55 of length 45 (0 toread) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3520 smt_wct=3 smb_vwv[ 0]=30635 (0x77AB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 12479) conn 0xb95b2090 [2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=77ab [2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name winreg pnum=77ab (pipes_open=1) [2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:77ab [2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe winreg [2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name winreg pnum=77ab (pipes_open=0) [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 77696E7265672F313234 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95ab350 [2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 77696E7265672F313234 
[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=3520 smt_wct=0 smb_bcc=0 [2008/07/16 17:09:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 84 [2008/07/16 17:09:18, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x54 [2008/07/16 17:09:18, 3] smbd/process.c:process_smb(1549) Transaction 56 of length 88 (0 toread) [2008/07/16 17:09:18, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:18, 5] lib/util.c:show_msg(655) size=84 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=3584 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 84 (0x54) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=41 [2008/07/16 17:09:18, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 5C 00 41 00 50 00 50 00 45 00 4C 00 5C .\.\.A.P .P.E.L.\ [010] 00 5A 00 45 00 54 00 41 00 48 00 41 00 43 00 4B .Z.E.T.A .H.A.C.K [020] 00 00 00 3F 3F 3F 3F 3F 00 ...????? . [2008/07/16 17:09:18, 3] smbd/process.c:switch_message(1361) switch message SMBtconX (pid 12479) conn 0x0 [2008/07/16 17:09:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:18, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:18, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:18, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:18, 4] smbd/reply.c:reply_tcon_and_X(653) Client requested device type [?????] 
for share [ZETAHACK] [2008/07/16 17:09:18, 5] smbd/service.c:make_connection(1376) making a connection to 'normal' service zetahack [2008/07/16 17:09:18, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share zetahack is ok for unix user MACROSCOOP\pim [2008/07/16 17:09:18, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user MACROSCOOP\pim [2008/07/16 17:09:18, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is macroscoop\pim [2008/07/16 17:09:18, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [MACROSCOOP\pim]! [2008/07/16 17:09:18, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service zetahack, connectpath = /var/spool/samba [2008/07/16 17:09:18, 3] smbd/service.c:make_connection_snum(936) Connect path is '/var/spool/samba' for service [zetahack] [2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. 
[2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 se_access_check: also S-1-5-32-545 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/07/16 17:09:18, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. 
[2008/07/16 17:09:18, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2008/07/16 17:09:18, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2008/07/16 17:09:18, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] 
Accepting operation type 7 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] 
smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation 
type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default 
VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 
45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation 
type 54 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] 
smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation 
type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default 
VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 
92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting 
operation type 101 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2008/07/16 17:09:18, 5] smbd/connection.c:claim_connection(142) claiming [zetahack] [2008/07/16 17:09:18, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key BF300000020000007A65 [2008/07/16 17:09:18, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95aff60 [2008/07/16 17:09:18, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key BF300000020000007A65 [2008/07/16 17:09:18, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share zetahack is ok for unix user MACROSCOOP\pim [2008/07/16 17:09:18, 10] smbd/share_access.c:is_share_read_only_for_token(273) is_share_read_only_for_user: share zetahack is read-write for unix user MACROSCOOP\pim [2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. 
[2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 se_access_check: also S-1-5-32-545 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/07/16 17:09:18, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. 
[2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 se_access_check: also S-1-5-32-545 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/07/16 17:09:18, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. 
[2008/07/16 17:09:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (150122, 150004) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:18, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 contains 17 SIDs SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 SID[ 15]: S-1-5-32-545 SID[ 16]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/16 17:09:18, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 150122 Primary group is 150004 and contains 13 supplementary groups Group[ 0]: 150000 Group[ 1]: 150004 Group[ 2]: 150009 Group[ 3]: 150152 Group[ 4]: 150005 Group[ 5]: 150189 Group[ 6]: 150153 Group[ 7]: 150154 Group[ 8]: 150188 Group[ 9]: 150006 Group[ 10]: 150007 Group[ 11]: 150257 Group[ 12]: 150256 [2008/07/16 17:09:18, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(150122,150122) gid=(0,150004) [2008/07/16 17:09:18, 1] smbd/service.c:make_connection_snum(1190) __ffff_62.177.168.80 (::ffff:62.177.168.80) connect to service zetahack initially as user MACROSCOOP\pim (uid=150122, gid=150004) (pid 12479) [2008/07/16 17:09:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:18, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:18, 5] 
auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:18, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:18, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=ZETAHACK [2008/07/16 17:09:18, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:18, 5] lib/util.c:show_msg(655) size=66 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3584 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 31 (0x1F) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_bcc=17 [2008/07/16 17:09:18, 10] lib/util.c:dump_data(2226) [000] 4C 50 54 31 3A 00 00 4E 00 54 00 46 00 53 00 00 LPT1:..N .T.F.S.. [010] 00 . [2008/07/16 17:09:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 48 [2008/07/16 17:09:18, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x30 [2008/07/16 17:09:18, 3] smbd/process.c:process_smb(1549) Transaction 57 of length 52 (0 toread) [2008/07/16 17:09:18, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:18, 5] lib/util.c:show_msg(655) size=48 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1560 smb_uid=101 smb_mid=3648 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=9 [2008/07/16 17:09:18, 10] lib/util.c:dump_data(2226) [000] 04 50 00 49 00 4D 00 00 00 .P.I.M.. . 
[2008/07/16 17:09:18, 3] smbd/process.c:switch_message(1361) switch message SMBsplopen (pid 12479) conn 0xb95b3728 [2008/07/16 17:09:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (150122, 150004) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:18, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 contains 17 SIDs SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 SID[ 15]: S-1-5-32-545 SID[ 16]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/16 17:09:18, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 150122 Primary group is 150004 and contains 13 supplementary groups Group[ 0]: 150000 Group[ 1]: 150004 Group[ 2]: 150009 Group[ 3]: 150152 Group[ 4]: 150005 Group[ 5]: 150189 Group[ 6]: 150153 Group[ 7]: 150154 Group[ 8]: 150188 Group[ 9]: 150006 Group[ 10]: 150007 Group[ 11]: 150257 Group[ 12]: 150256 [2008/07/16 17:09:18, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(150122,150122) gid=(0,150004) [2008/07/16 17:09:18, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to /var/spool/samba [2008/07/16 17:09:18, 5] smbd/files.c:file_new(121) allocated file structure 3377, fnum = 7473 (1 used) [2008/07/16 17:09:18, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(150122, 150004) : sec_ctx_stack_ndx = 1 [2008/07/16 17:09:18, 3] 
smbd/uid.c:push_conn_ctx(357) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2008/07/16 17:09:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/16 17:09:18, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:18, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:18, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (150122, 150004) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:18, 10] printing/nt_printing.c:get_a_printer_internal(4721) get_a_printer: [zetahack] level 2 [2008/07/16 17:09:18, 10] printing/nt_printing.c:get_a_printer_2_default(4009) get_a_printer_2_default: driver name set to [] [2008/07/16 17:09:18, 5] printing/print_cups.c:cups_pull_comment_location(1224) pulling zetahack location [2008/07/16 17:09:18, 10] printing/print_cups.c:cups_connect(64) connecting to cups server /var/run/cups/cups.sock:631 [2008/07/16 17:09:18, 5] printing/print_cups.c:cups_pull_comment_location(1312) cups_pull_comment_location: Using cups location: [2008/07/16 17:09:18, 5] printing/print_cups.c:cups_pull_comment_location(1300) cups_pull_comment_location: Using cups comment: Zetafax hack [2008/07/16 17:09:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 sec_io_desc_buf nt_printing_getsec [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 max_len: 000000c8 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 ptr : 00000001 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0008 len : 000000c8 [2008/07/16 17:09:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 00000c sec_io_desc sec [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c revision: 0001 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000e type : 8004 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 off_owner_sid: 000000a8 [2008/07/16 17:09:18, 5] 
rpc_parse/parse_prs.c:prs_uint32(718) 0014 off_grp_sid : 000000b8 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0018 off_sacl : 00000000 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 001c off_dacl : 00000014 [2008/07/16 17:09:18, 8] rpc_parse/parse_prs.c:prs_debug(88) 0000b4 smb_io_dom_sid owner_sid [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b4 sid_rev_num: 01 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b5 num_auths : 02 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b6 id_auth[0] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b7 id_auth[1] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b8 id_auth[2] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00b9 id_auth[3] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00ba id_auth[4] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00bb id_auth[5] : 05 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 00bc sub_auths : 00000020 00000220 [2008/07/16 17:09:18, 8] rpc_parse/parse_prs.c:prs_debug(88) 000020 sec_io_acl dacl [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 revision: 0002 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 size : 0094 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 num_aces : 00000005 [2008/07/16 17:09:18, 9] rpc_parse/parse_prs.c:prs_debug(88) 000028 sec_io_ace ace_list[00]: [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 type : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0029 flags: 02 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a size : 0014 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 002c access_mask: 20020008 [2008/07/16 17:09:18, 10] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_dom_sid trustee [2008/07/16 17:09:18, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) 0030 sid_rev_num: 01 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 num_auths : 01 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 id_auth[0] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 id_auth[1] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0034 id_auth[2] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0035 id_auth[3] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0036 id_auth[4] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0037 id_auth[5] : 01 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0038 sub_auths : 00000000 [2008/07/16 17:09:18, 9] rpc_parse/parse_prs.c:prs_debug(88) 00003c sec_io_ace ace_list[01]: [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003c type : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003d flags: 09 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003e size : 0024 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 access_mask: 100f000c [2008/07/16 17:09:18, 10] rpc_parse/parse_prs.c:prs_debug(88) 000044 smb_io_dom_sid trustee [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0044 sid_rev_num: 01 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0045 num_auths : 05 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0046 id_auth[0] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0047 id_auth[1] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 id_auth[2] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 id_auth[3] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a id_auth[4] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b id_auth[5] : 05 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 004c sub_auths : 00000015 
3b5d645a 0f024f18 4b937afc 000001f4 [2008/07/16 17:09:18, 9] rpc_parse/parse_prs.c:prs_debug(88) 000060 sec_io_ace ace_list[02]: [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0060 type : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0061 flags: 02 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0062 size : 0024 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0064 access_mask: 100f000c [2008/07/16 17:09:18, 10] rpc_parse/parse_prs.c:prs_debug(88) 000068 smb_io_dom_sid trustee [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0068 sid_rev_num: 01 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0069 num_auths : 05 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006a id_auth[0] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006b id_auth[1] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006c id_auth[2] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006d id_auth[3] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006e id_auth[4] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 006f id_auth[5] : 05 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0070 sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 [2008/07/16 17:09:18, 9] rpc_parse/parse_prs.c:prs_debug(88) 000084 sec_io_ace ace_list[03]: [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0084 type : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0085 flags: 09 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0086 size : 0018 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0088 access_mask: 100f000c [2008/07/16 17:09:18, 10] rpc_parse/parse_prs.c:prs_debug(88) 00008c smb_io_dom_sid trustee [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008c sid_rev_num: 01 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008d 
num_auths : 02 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008e id_auth[0] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008f id_auth[1] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0090 id_auth[2] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0091 id_auth[3] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0092 id_auth[4] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0093 id_auth[5] : 05 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 0094 sub_auths : 00000020 00000220 [2008/07/16 17:09:18, 9] rpc_parse/parse_prs.c:prs_debug(88) 00009c sec_io_ace ace_list[04]: [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009c type : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009d flags: 02 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 009e size : 0018 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 00a0 access_mask: 100f000c [2008/07/16 17:09:18, 10] rpc_parse/parse_prs.c:prs_debug(88) 0000a4 smb_io_dom_sid trustee [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a4 sid_rev_num: 01 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a5 num_auths : 02 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a6 id_auth[0] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a7 id_auth[1] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a8 id_auth[2] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a9 id_auth[3] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00aa id_auth[4] : 00 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00ab id_auth[5] : 05 [2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) 00ac sub_auths : 00000020 00000220 [2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5668) secdesc_ctr for zetahack has 5 aces: 
[2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-1-0 0 2 0x20020008 [2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-21-995976282-251809560-1267956476-500 0 9 0x100f000c [2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-21-995976282-251809560-1267956476-500 0 2 0x100f000c [2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-32-544 0 9 0x100f000c [2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5674) S-1-5-32-544 0 2 0x100f000c [2008/07/16 17:09:18, 4] printing/printing.c:print_cache_expired(1085) print_cache_expired: cache expired for queue zetahack (last_qscan_time = 1209975349, time now = 1216220958, qcachetime = 30) [2008/07/16 17:09:18, 10] printing/printing.c:print_job_start(2418) print_job_start: Queue zetahack number of jobs (50), max printjobs = 1000 [2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer zetahack to notify_queue_head [2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer zetahack to notify_queue_head [2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer zetahack to notify_queue_head [2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer zetahack to notify_queue_head [2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer zetahack to notify_queue_head [2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer zetahack to notify_queue_head [2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) 
send_spoolss_notify2_msg: appending message 0x01/0x14 for printer zetahack to notify_queue_head [2008/07/16 17:09:18, 10] printing/printing.c:add_to_jobs_changed(2349) add_to_jobs_changed: Added jobid 182 [2008/07/16 17:09:18, 10] printing/printing.c:pjobid_to_rap(66) pjobid_to_rap: called. [2008/07/16 17:09:18, 10] printing/printing.c:pjobid_to_rap(101) pjobid_to_rap: created jobid 182 maps to RAP jobid 1 [2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(340) print_job_find: looking up job 182 for share zetahack [2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(369) print_job_find: returning system job -1 for jobid 182. [2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(340) print_job_find: looking up job 182 for share zetahack [2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(369) print_job_find: returning system job -1 for jobid 182. [2008/07/16 17:09:18, 3] smbd/reply.c:reply_printopen(4627) openprint fd=29 fnum=7473 [2008/07/16 17:09:18, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:18, 5] lib/util.c:show_msg(655) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1560 smb_uid=101 smb_mid=3648 smt_wct=1 smb_vwv[ 0]= 7473 (0x1D31) smb_bcc=0 [2008/07/16 17:09:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 37 [2008/07/16 17:09:18, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x25 [2008/07/16 17:09:18, 3] smbd/process.c:process_smb(1549) Transaction 58 of length 41 (0 toread) [2008/07/16 17:09:18, 5] lib/util.c:show_msg(645) [2008/07/16 17:09:18, 5] lib/util.c:show_msg(655) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=3712 smt_wct=1 smb_vwv[ 0]= 7473 (0x1D31) smb_bcc=0 [2008/07/16 17:09:18, 3] smbd/process.c:switch_message(1361) switch message SMBsplclose (pid 12479) conn 0xb95b3728 [2008/07/16 17:09:18, 4] smbd/uid.c:change_to_user(182) 
change_to_user: Skipping user change - already user [2008/07/16 17:09:18, 3] smbd/reply.c:reply_printclose(4665) printclose fd=29 fnum=7473 [2008/07/16 17:09:18, 10] printing/printing.c:rap_to_pjobid(110) rap_to_pjobid called. [2008/07/16 17:09:18, 10] printing/printing.c:rap_to_pjobid(125) rap_to_pjobid: jobid 182 maps to RAP jobid 1 [2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(340) print_job_find: looking up job 182 for share zetahack [2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(369) print_job_find: returning system job -1 for jobid 182. [2008/07/16 17:09:18, 5] printing/printing.c:print_job_end(2556) print_job_end: canceling spool of /var/spool/samba/smbprn.00000182.WgEvpc (zero length) [2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(340) print_job_find: looking up job 182 for share zetahack [2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(369) print_job_find: returning system job -1 for jobid 182. [2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer zetahack to notify_queue_head [2008/07/16 17:09:18, 10] printing/printing.c:remove_from_jobs_changed(1909) remove_from_jobs_changed: removed jobid 182 [2008/07/16 17:09:18, 10] printing/printing.c:rap_jobid_delete(143) rap_jobid_delete: called. 
[2008/07/16 17:09:18, 10] printing/printing.c:rap_jobid_delete(163) rap_jobid_delete: deleting jobid 182 [2008/07/16 17:09:18, 5] smbd/files.c:file_free(428) freed files structure 7473 (0 used) [2008/07/16 17:09:19, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:19, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:19, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:19, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:19, 5] printing/notify.c:print_notify_send_messages_to_printer(171) print_notify_send_messages_to_printer: sending 8 print notify messages to printer zetahack [2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key B9300000FFFFFFFF0000 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95aec68 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key B9300000FFFFFFFF0000 [2008/07/16 17:09:25, 3] smbd/server.c:exit_server_common(944) Server exit (normal exit) [2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:25, 5] 
auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key BE300000FFFFFFFF0000 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) [2008/07/16 17:09:25, 10] smbd/process.c:async_processing(649) Allocated locked data 0x0xb95abe60 [2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(42) deleting connection record returned NT_STATUS_NOT_FOUND [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key BE300000FFFFFFFF0000 [2008/07/16 17:09:25, 3] smbd/server.c:exit_server_common(944) Server exit (normal exit) async_processing: Doing async processing. [2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:25, 1] smbd/service.c:close_cnum(1401) __ffff_62.177.168.80 (::ffff:62.177.168.80) closed connection to service zetahack [2008/07/16 17:09:25, 3] 
smbd/connection.c:yield_connection(31) Yielding connection to zetahack [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key BF300000020000007A65 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95b4290 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key BF300000020000007A65 [2008/07/16 17:09:25, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to / [2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:25, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to /tmp [2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:25, 3] smbd/service.c:close_cnum(1401) __ffff_62.177.168.80 (::ffff:62.177.168.80) closed connection to service IPC$ [2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(31) Yielding connection to IPC$ [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key BF300000010000004950 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95b3728 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key BF300000010000004950 [2008/07/16 17:09:25, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir 
to / [2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F31323437392F31 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95b2090 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 49442F31323437392F31 [2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key BF300000FFFFFFFF0000 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb95b12e8 [2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key BF300000FFFFFFFF0000 [2008/07/16 17:09:25, 3] smbd/server.c:exit_server_common(944) Server exit (termination signal)