The Samba-Bugzilla – Attachment 3416 Details for
Bug 5617
xp/2003 explorer freezes browsing shares on samba ipv6 hosts
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
level 10 smbd log
log.smbd (text/plain), 709.25 KB, created by
Pim Zandbergen
on 2008-07-16 10:27:40 UTC
(
hide
)
Description:
level 10 smbd log
Filename:
MIME Type:
Creator:
Pim Zandbergen
Created:
2008-07-16 10:27:40 UTC
Size:
709.25 KB
patch
obsolete
>[2008/07/16 17:09:10, 0] smbd/server.c:main(1208) > smbd version 3.2.0-17.fc9 started. > Copyright Andrew Tridgell and the Samba Team 1992-2008 >[2008/07/16 17:09:10, 5] lib/debug.c:debug_dump_status(395) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 > registry: False/0 >[2008/07/16 17:09:10, 4] param/loadparm.c:lp_load_ex(8724) > pm_process() returned Yes >[2008/07/16 17:09:10, 7] param/loadparm.c:lp_servicenumber(8917) > lp_servicenumber: couldn't find homes >[2008/07/16 17:09:10, 10] param/loadparm.c:set_server_role(7905) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS-2LE >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UCS-2LE >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-16LE >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-16LE >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS-2BE >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UCS-2BE >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-16BE >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-16BE >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF8 >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF8 >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-8 >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-8 >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset ASCII >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) > Registered charset ASCII >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset 646 >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) > Registered charset 646 >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset ISO-8859-1 >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) > Registered charset ISO-8859-1 >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS2-HEX >[2008/07/16 17:09:10, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UCS2-HEX >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 2] lib/tallocmsg.c:register_msg_pool_usage(106) > Registered MSG_REQ_POOL_USAGE >[2008/07/16 17:09:10, 2] lib/dmallocmsg.c:register_dmalloc_msgs(77) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >[2008/07/16 17:09:10, 3] param/loadparm.c:lp_load_ex(8681) > lp_load_ex: refreshing parameters >Initialising global parameters >[2008/07/16 17:09:10, 3] param/params.c:pm_process(569) > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >[2008/07/16 17:09:10, 3] param/loadparm.c:do_section(7346) > Processing section "[global]" > doing parameter workgroup = MACROSCOOP > doing parameter server string = Fedora 9 - Samba %v > doing parameter printing = cups > doing parameter printcap name = cups > doing parameter load printers = yes > doing parameter socket options = TCP_NODELAY > doing parameter dns proxy = no > doing parameter time server = yes > doing parameter security = ads > doing parameter realm = MACROSCOOP.NL > doing parameter encrypt passwords = yes > doing parameter disable netbios = yes > doing parameter smb ports = 445 > doing parameter ldap admin dn = cn=Manager,dc=macroscoop,dc=nl > doing parameter ldap suffix = dc=macroscoop,dc=nl > doing parameter ldap idmap suffix = ou=Idmap > doing parameter idmap backend = ldap:ldap://idmap.macroscoop.nl > doing parameter idmap uid = 150000-550000 > doing parameter idmap gid = 150000-550000 > doing parameter template homedir = /home/%U > doing parameter template shell = /bin/bash > doing parameter winbind use default domain = yes > doing parameter log level = 10 >[2008/07/16 17:09:10, 5] lib/debug.c:debug_dump_status(395) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 > registry: False/0 >[2008/07/16 17:09:10, 2] param/loadparm.c:do_section(7363) > Processing section "[homes]" >[2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) > add_a_service: Creating snum = 0 for homes >[2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5800) > hash_a_service: creating servicehash >[2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) > hash_a_service: hashing index 0 for service name homes > doing parameter comment = Home Directories > doing parameter browseable = no > doing parameter writable = yes >[2008/07/16 17:09:10, 2] param/loadparm.c:do_section(7363) > Processing section "[printers]" >[2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) > add_a_service: Creating snum = 1 for printers >[2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) > hash_a_service: hashing index 1 for service name printers > doing parameter comment = All Printers > doing parameter path = /var/spool/samba > doing parameter browseable = no > doing parameter guest ok = no > doing parameter writable = no > doing parameter printable = yes >[2008/07/16 17:09:10, 2] param/loadparm.c:do_section(7363) > Processing section "[print$]" >[2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) > add_a_service: Creating snum = 2 for print$ >[2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) > hash_a_service: hashing index 2 for service name print$ > doing parameter comment = Printer Drivers > doing parameter path = /var/spool/samba/drivers > doing parameter browseable = no > doing parameter guest ok = no > doing parameter read only = no >[2008/07/16 17:09:10, 4] param/loadparm.c:lp_load_ex(8724) > pm_process() returned Yes >[2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) > add_a_service: Creating snum = 3 for IPC$ >[2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) > hash_a_service: hashing index 3 for service name IPC$ >[2008/07/16 17:09:10, 3] param/loadparm.c:lp_add_ipc(5906) > adding IPC service >[2008/07/16 17:09:10, 10] param/loadparm.c:set_server_role(7905) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:10, 3] printing/pcap.c:pcap_cache_reload(116) > reloading printcap cache >[2008/07/16 17:09:10, 5] printing/print_cups.c:cups_cache_reload(93) > reloading cups printcap cache >[2008/07/16 17:09:10, 10] printing/print_cups.c:cups_connect(64) > connecting to cups server /var/run/cups/cups.sock:631 >[2008/07/16 17:09:10, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: ok >[2008/07/16 17:09:10, 7] param/loadparm.c:lp_servicenumber(8917) > lp_servicenumber: couldn't find zetahack >[2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) > add_a_service: Creating snum = 4 for zetahack >[2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) > hash_a_service: hashing index 4 for service name zetahack >[2008/07/16 17:09:10, 3] param/loadparm.c:lp_add_printer(5945) > adding printer service zetahack >[2008/07/16 17:09:10, 7] param/loadparm.c:lp_servicenumber(8917) > lp_servicenumber: couldn't find Cups-PDF >[2008/07/16 17:09:10, 8] param/loadparm.c:add_a_service(5762) > add_a_service: Creating snum = 5 for Cups-PDF >[2008/07/16 17:09:10, 10] param/loadparm.c:hash_a_service(5809) > hash_a_service: hashing index 5 for service name Cups-PDF >[2008/07/16 17:09:10, 3] param/loadparm.c:lp_add_printer(5945) > adding printer service Cups-PDF >[2008/07/16 17:09:10, 6] param/loadparm.c:lp_file_list_changed(6625) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 > >[2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) > added interface eth0 ip=2001:7b8:3cf:0:219:d1ff:fee3:a53b bcast=2001:7b8:3cf:0:ffff:ffff:ffff:ffff netmask=ffff:ffff:ffff:ffff:: >[2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) > added interface eth1 ip=fe80::201:36ff:fe07:1266%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff:: >[2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) > added interface eth0 ip=fe80::219:d1ff:fee3:a53b%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >[2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) > added interface virbr0 ip=fe80::d45a:7eff:fe62:c257%virbr0 bcast=fe80::ffff:ffff:ffff:ffff%virbr0 netmask=ffff:ffff:ffff:ffff:: >[2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) > added interface eth1 ip=192.168.119.1 bcast=192.168.119.255 netmask=255.255.255.0 >[2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) > added interface virbr0 ip=192.168.122.1 bcast=192.168.122.255 netmask=255.255.255.0 >[2008/07/16 17:09:10, 2] lib/interface.c:add_interface(334) > added interface eth0 ip=62.177.168.217 bcast=62.177.168.255 netmask=255.255.255.0 >[2008/07/16 17:09:10, 5] lib/util.c:init_names(274) > Netbios name list:- > my_netbios_names[0]="APPEL" >[2008/07/16 17:09:10, 3] smbd/server.c:main(1255) > loaded services >[2008/07/16 17:09:10, 3] smbd/server.c:main(1270) > Becoming a daemon. >[2008/07/16 17:09:10, 8] lib/util.c:fcntl_lock(2017) > fcntl_lock fd=8 op=13 offset=0 count=1 type=1 >[2008/07/16 17:09:10, 8] lib/util.c:fcntl_lock(2036) > fcntl_lock: Lock call successful >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) > Attempting to register passdb backend ldapsam >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) > Successfully added passdb backend 'ldapsam' >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) > Attempting to register passdb backend ldapsam_compat >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) > Successfully added passdb backend 'ldapsam_compat' >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) > Attempting to register passdb backend NDS_ldapsam >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) > Successfully added passdb backend 'NDS_ldapsam' >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) > Attempting to register passdb backend NDS_ldapsam_compat >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) > Successfully added passdb backend 'NDS_ldapsam_compat' >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) > Attempting to register passdb backend smbpasswd >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) > Successfully added passdb backend 'smbpasswd' >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(63) > Attempting to register passdb backend tdbsam >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:smb_register_passdb(76) > Successfully added passdb backend 'tdbsam' >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:make_pdb_method_name(133) > Attempting to find an passdb backend to match smbpasswd (smbpasswd) >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:make_pdb_method_name(154) > Found pdb backend smbpasswd >[2008/07/16 17:09:10, 5] passdb/pdb_interface.c:make_pdb_method_name(165) > pdb backend smbpasswd has a valid init >[2008/07/16 17:09:10, 5] lib/gencache.c:gencache_init(61) > Opening cache file at /var/lib/samba/gencache.tdb >[2008/07/16 17:09:10, 5] libsmb/namecache.c:namecache_enable(59) > namecache_enable: enabling netbios namecache, timeout 660 seconds >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_init(73) > reghook_cache_init: new tree with default ops 0xb8017aa0 for key [] >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Print] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] with subkey [Printers] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a26c0 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2b40 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Ports] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2278 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a4b00 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SYSTEM] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [NULL] >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SYSTEM] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [LanmanServer] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer] with subkey [Shares] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a1d78 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2408 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SYSTEM] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Eventlog] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2858 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2720 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SOFTWARE\Samba\smbconf] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Samba] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Samba] with subkey [smbconf] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Samba\smbconf] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a1dc8 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2430 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [NULL] >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [009] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a20d0 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2b90 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F534F465457 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SYSTEM] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [Monitors] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a1520 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a1520 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SYSTEM] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [ProductOptions] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a20d0 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a16e8 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SYSTEM] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Terminal Server] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server] with subkey [DefaultUserConfiguration] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a1b88 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2280 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SYSTEM] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Tcpip] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip] with subkey [Parameters] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a20d0 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a20d0 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM] with subkey [SYSTEM] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Netlogon] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon] with subkey [Parameters] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a20d0 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a1b88 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B4C4D2F5359535445 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKU] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKU] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B5500 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2ac8 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B5500 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B5500 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2ac8 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B5500 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKCR] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKCR] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B435200 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a4b80 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B435200 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B435200 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a4b80 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B435200 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKPD] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKPD] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B504400 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a4bc0 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B504400 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B504400 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a4bc0 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B504400 >[2008/07/16 17:09:10, 6] registry/reg_backend_db.c:init_registry_key_internal(98) > init_registry_key: Adding [HKPT] >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:init_registry_key_internal(153) > init_registry_key: Storing key [HKPT] with subkey [NULL] >[2008/07/16 17:09:10, 5] lib/util_tdb.c:tdb_wrap_log(886) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B505400 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a1530 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B505400 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 484B505400 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a1530 >[2008/07/16 17:09:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 484B505400 >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:regdb_fetch_values(868) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) > specific: [Samba Printer Port], len: 2 >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:regdb_fetch_values(868) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) > specific: [DefaultSpoolDirectory], len: 70 >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:regdb_fetch_values(868) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) > specific: [DisplayName], len: 20 >[2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) > specific: [ErrorControl], len: 4 >[2008/07/16 17:09:10, 10] registry/reg_backend_db.c:regdb_fetch_values(868) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) > specific: [DisplayName], len: 20 >[2008/07/16 17:09:10, 8] registry/reg_backend_db.c:regdb_unpack_values(815) > specific: [ErrorControl], len: 4 >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017c20 for key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017c20 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017c20 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017c60 for key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017b40 for key [/HKLM/SOFTWARE/Samba/smbconf] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKLM/SOFTWARE/Samba/smbconf] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017ca0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017ce0 for key [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017d20 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017d60 for key [/HKPT] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKPT] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017da0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:10, 10] registry/reg_cachehook.c:reghook_cache_add(97) > reghook_cache_add: Adding ops 0xb8017de0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(200) > pathtree_add: Enter >[2008/07/16 17:09:10, 10] lib/adt_tree.c:pathtree_add(267) > pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] to tree >[2008/07/16 17:09:10, 8] lib/adt_tree.c:pathtree_add(269) > pathtree_add: Exit >[2008/07/16 17:09:11, 10] passdb/lookup_sid.c:uid_to_sid(1306) > uid 0 -> sid S-1-22-1 >[2008/07/16 17:09:11, 10] passdb/lookup_sid.c:gid_to_sid(1335) > gid 0 -> sid S-1-22-2 >[2008/07/16 17:09:11, 10] auth/token_util.c:create_local_nt_token(302) > Create local NT token for S-1-22-1 >[2008/07/16 17:09:11, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-32-544 -> gid 150256 >[2008/07/16 17:09:11, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-32-545 -> gid 150257 >[2008/07/16 17:09:11, 3] smbd/sec_ctx.c:push_sec_ctx(224) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:11, 3] smbd/uid.c:push_conn_ctx(357) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2008/07/16 17:09:11, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:11, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:11, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:11, 3] smbd/sec_ctx.c:pop_sec_ctx(432) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (1) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (3) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (f003f) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Spooler] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (f003f) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Spooler] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (f003f) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [NETLOGON] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (f003f) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [NETLOGON] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (f003f) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [RemoteRegistry] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (f003f) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [RemoteRegistry] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (f003f) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [WINS] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (f003f) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [WINS] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] >[2008/07/16 17:09:11, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:11, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2008/07/16 17:09:11, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1. >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:11, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-22-1 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 >[2008/07/16 17:09:11, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (f003f) granted. >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (4) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (3) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_store_values(908) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (1) >[2008/07/16 17:09:11, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (0) >[2008/07/16 17:09:11, 10] printing/nt_printing.c:update_c_setprinter(737) > update_c_setprinter: c_setprinter = 0 >[2008/07/16 17:09:11, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/MACROSCOOP.NL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 >[2008/07/16 17:09:11, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for MACROSCOOP.NL: "Default-First-Site-Name" >[2008/07/16 17:09:11, 6] libads/ldap.c:ads_find_dc(318) > ads_find_dc: looking for realm 'MACROSCOOP.NL' >[2008/07/16 17:09:11, 8] libsmb/namequery.c:get_sorted_dc_list(2093) > get_sorted_dc_list: attempting lookup for name MACROSCOOP.NL (sitename Default-First-Site-Name) using [ads] >[2008/07/16 17:09:11, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/MACROSCOOP.NL, value = 62.177.168.231, timeout = Wed Jul 16 17:24:11 2008 >[2008/07/16 17:09:11, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "62.177.168.231" for "MACROSCOOP.NL" domain >[2008/07/16 17:09:11, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "62.177.168.231, *" >[2008/07/16 17:09:11, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up MACROSCOOP.NL#1c (sitename Default-First-Site-Name) >[2008/07/16 17:09:11, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/MACROSCOOP.NL#1C, value = 62.177.168.231:389,[2001:7b8:3cf:0:20c:76ff:fe29:35b0]:389,62.177.168.234:389,[2001:7b8:3cf:0:207:e9ff:fe3f:86b]:389, timeout = Wed Jul 16 17:16:01 2008 >[2008/07/16 17:09:11, 5] libsmb/namecache.c:namecache_fetch(233) > name MACROSCOOP.NL#1C found. >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/07/16 17:09:11, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 4 DC's from auto lookup >[2008/07/16 17:09:11, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/07/16 17:09:11, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 4 ip addresses in an ordered list >[2008/07/16 17:09:11, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 62.177.168.231:389 2001:7b8:3cf:0:20c:76ff:fe29:35b0:389 62.177.168.234:389 2001:7b8:3cf:0:207:e9ff:fe3f:86b:389 >[2008/07/16 17:09:11, 5] libads/ldap.c:ads_try_connect(188) > ads_try_connect: sending CLDAP request to 62.177.168.231 (realm: MACROSCOOP.NL) > r : union nbt_cldap_netlogon(case 6) > logon5: struct nbt_cldap_netlogon_5 > type : NETLOGON_RESPONSE_FROM_PDC2 (23) > sbz : 0x0000 (0) > server_type : 0x000001f8 (504) > 0: NBT_SERVER_PDC > 0: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : 70310d83-1b97-4488-89ae-9669a4dbe6bc > forest : 'macroscoop.nl' > dns_domain : 'macroscoop.nl' > pdc_dns_name : 'dou.macroscoop.nl' > domain : 'MACROSCOOP' > pdc_name : 'DOU' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > nt_version : 0x00000005 (5) > 1: NETLOGON_VERSION_1 > 0: NETLOGON_VERSION_5 > 1: NETLOGON_VERSION_5EX > 0: NETLOGON_VERSION_5EX_WITH_IP > 0: NETLOGON_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_VERSION_AVOID_NT4_EMUL > 0: NETLOGON_VERSION_PDC > 0: NETLOGON_VERSION_IP > 0: NETLOGON_VERSION_LOCAL > 0: NETLOGON_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2008/07/16 17:09:11, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [MACROSCOOP], sitename = [Default-First-Site-Name], expire = [2147483647] >[2008/07/16 17:09:11, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/MACROSCOOP; value = Default-First-Site-Name and timeout = Tue Jan 19 04:14:07 2038 > (931262696 seconds ahead) >[2008/07/16 17:09:11, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [macroscoop.nl], sitename = [Default-First-Site-Name], expire = [2147483647] >[2008/07/16 17:09:11, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/MACROSCOOP.NL; value = Default-First-Site-Name and timeout = Tue Jan 19 04:14:07 2038 > (931262696 seconds ahead) >[2008/07/16 17:09:11, 3] libads/ldap.c:ads_connect(430) > Successfully contacted LDAP server 62.177.168.231 >[2008/07/16 17:09:11, 10] libads/ldap.c:ldap_open_with_timeout(62) > Opening connection to LDAP server 'dou.macroscoop.nl:389', timeout 15 seconds >[2008/07/16 17:09:11, 10] libads/ldap.c:ldap_open_with_timeout(76) > Connected to LDAP server 'dou.macroscoop.nl:389' >[2008/07/16 17:09:11, 3] libads/ldap.c:ads_connect(480) > Connected to LDAP server dou.macroscoop.nl >[2008/07/16 17:09:11, 10] libads/ldap.c:ads_closest_dc(155) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2008/07/16 17:09:11, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [MACROSCOOP], server = [62.177.168.231], expire = [1216221851] >[2008/07/16 17:09:11, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/MACROSCOOP; value = 62.177.168.231 and timeout = Wed Jul 16 17:24:11 2008 > (900 seconds ahead) >[2008/07/16 17:09:11, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [MACROSCOOP.NL], server = [62.177.168.231], expire = [1216221851] >[2008/07/16 17:09:11, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/MACROSCOOP.NL; value = 62.177.168.231 and timeout = Wed Jul 16 17:24:11 2008 > (900 seconds ahead) >[2008/07/16 17:09:11, 4] libads/ldap.c:ads_current_time(2607) > time offset is 0 seconds >[2008/07/16 17:09:11, 4] libads/sasl.c:ads_sasl_bind(1112) > Found SASL mechanism GSS-SPNEGO >[2008/07/16 17:09:11, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 >[2008/07/16 17:09:11, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 >[2008/07/16 17:09:11, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 >[2008/07/16 17:09:11, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 >[2008/07/16 17:09:11, 3] libads/sasl.c:ads_sasl_spnego_bind(789) > ads_sasl_spnego_bind: got server principal name = dou$@MACROSCOOP.NL >[2008/07/16 17:09:11, 3] libsmb/clikrb5.c:ads_krb5_mk_req(657) > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) >[2008/07/16 17:09:11, 10] libads/sasl.c:ads_sasl_spnego_bind(810) > ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit >[2008/07/16 17:09:11, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) > kerberos_kinit_password: as APPEL$@MACROSCOOP.NL using [MEMORY:prtpub_cache] as ccache and config [(null)] >[2008/07/16 17:09:12, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(592) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Thu, 17 Jul 2008 03:09:11 CEST >[2008/07/16 17:09:12, 10] libsmb/clikrb5.c:ads_krb5_mk_req(688) > ads_krb5_mk_req: Ticket (dou$@MACROSCOOP.NL) in ccache (MEMORY:prtpub_cache) is valid until: (Thu, 17 Jul 2008 03:09:11 CEST - 1216256951) >[2008/07/16 17:09:12, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(799) > Got KRB5 session key of length 16 >[2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_internal(4721) > get_a_printer: [printers] level 2 >[2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_2_default(4009) > get_a_printer_2_default: driver name set to [] >[2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1224) > pulling printers location >[2008/07/16 17:09:12, 10] printing/print_cups.c:cups_connect(64) > connecting to cups server /var/run/cups/cups.sock:631 >[2008/07/16 17:09:12, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 sec_io_desc_buf nt_printing_getsec >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 max_len: 000000c8 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 ptr : 00000001 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 len : 000000c8 >[2008/07/16 17:09:12, 7] rpc_parse/parse_prs.c:prs_debug(88) > 00000c sec_io_desc sec >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c revision: 0001 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000e type : 8004 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 off_owner_sid: 000000a8 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 off_grp_sid : 000000b8 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 off_sacl : 00000000 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 001c off_dacl : 00000014 >[2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) > 0000b4 smb_io_dom_sid owner_sid >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b4 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b5 num_auths : 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b6 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b7 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b8 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b9 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00ba id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00bb id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 00bc sub_auths : 00000020 00000220 >[2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) > 000020 sec_io_acl dacl >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0020 revision: 0002 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0022 size : 0094 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 num_aces : 00000005 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000028 sec_io_ace ace_list[00]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0029 flags: 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a size : 0014 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 002c access_mask: 20020008 >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 num_auths : 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0032 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0033 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0034 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0035 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0036 id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0037 id_auth[5] : 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0038 sub_auths : 00000000 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 00003c sec_io_ace ace_list[01]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003c type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003d flags: 09 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003e size : 0024 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0044 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0045 num_auths : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0046 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0047 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 004c sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000060 sec_io_ace ace_list[02]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0060 type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0061 flags: 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0062 size : 0024 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0064 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000068 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0068 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0069 num_auths : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006a id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006b id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006c id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006d id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006e id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006f id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0070 sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000084 sec_io_ace ace_list[03]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0084 type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0085 flags: 09 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0086 size : 0018 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0088 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 00008c smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008c sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008d num_auths : 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008e id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008f id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0090 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0091 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0092 id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0093 id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0094 sub_auths : 00000020 00000220 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 00009c sec_io_ace ace_list[04]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009c type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009d flags: 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 009e size : 0018 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 00a0 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 0000a4 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a4 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a5 num_auths : 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a6 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a7 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a8 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a9 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00aa id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00ab id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 00ac sub_auths : 00000020 00000220 >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5668) > secdesc_ctr for printers has 5 aces: >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-1-0 0 2 0x20020008 >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-21-995976282-251809560-1267956476-500 0 9 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-21-995976282-251809560-1267956476-500 0 2 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-32-544 0 9 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-32-544 0 2 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_internal(4721) > get_a_printer: [zetahack] level 2 >[2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_2_default(4009) > get_a_printer_2_default: driver name set to [] >[2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1224) > pulling zetahack location >[2008/07/16 17:09:12, 10] printing/print_cups.c:cups_connect(64) > connecting to cups server /var/run/cups/cups.sock:631 >[2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1312) > cups_pull_comment_location: Using cups location: >[2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1300) > cups_pull_comment_location: Using cups comment: Zetafax hack >[2008/07/16 17:09:12, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 sec_io_desc_buf nt_printing_getsec >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 max_len: 000000c8 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 ptr : 00000001 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 len : 000000c8 >[2008/07/16 17:09:12, 7] rpc_parse/parse_prs.c:prs_debug(88) > 00000c sec_io_desc sec >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c revision: 0001 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000e type : 8004 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 off_owner_sid: 000000a8 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 off_grp_sid : 000000b8 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 off_sacl : 00000000 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 001c off_dacl : 00000014 >[2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) > 0000b4 smb_io_dom_sid owner_sid >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b4 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b5 num_auths : 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b6 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b7 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b8 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b9 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00ba id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00bb id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 00bc sub_auths : 00000020 00000220 >[2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) > 000020 sec_io_acl dacl >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0020 revision: 0002 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0022 size : 0094 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 num_aces : 00000005 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000028 sec_io_ace ace_list[00]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0029 flags: 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a size : 0014 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 002c access_mask: 20020008 >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 num_auths : 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0032 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0033 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0034 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0035 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0036 id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0037 id_auth[5] : 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0038 sub_auths : 00000000 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 00003c sec_io_ace ace_list[01]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003c type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003d flags: 09 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003e size : 0024 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0044 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0045 num_auths : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0046 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0047 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 004c sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000060 sec_io_ace ace_list[02]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0060 type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0061 flags: 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0062 size : 0024 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0064 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000068 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0068 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0069 num_auths : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006a id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006b id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006c id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006d id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006e id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006f id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0070 sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000084 sec_io_ace ace_list[03]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0084 type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0085 flags: 09 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0086 size : 0018 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0088 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 00008c smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008c sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008d num_auths : 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008e id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008f id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0090 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0091 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0092 id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0093 id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0094 sub_auths : 00000020 00000220 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 00009c sec_io_ace ace_list[04]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009c type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009d flags: 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 009e size : 0018 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 00a0 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 0000a4 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a4 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a5 num_auths : 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a6 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a7 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a8 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a9 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00aa id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00ab id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 00ac sub_auths : 00000020 00000220 >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5668) > secdesc_ctr for zetahack has 5 aces: >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-1-0 0 2 0x20020008 >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-21-995976282-251809560-1267956476-500 0 9 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-21-995976282-251809560-1267956476-500 0 2 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-32-544 0 9 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-32-544 0 2 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_internal(4721) > get_a_printer: [Cups-PDF] level 2 >[2008/07/16 17:09:12, 10] printing/nt_printing.c:get_a_printer_2_default(4009) > get_a_printer_2_default: driver name set to [] >[2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1224) > pulling Cups-PDF location >[2008/07/16 17:09:12, 10] printing/print_cups.c:cups_connect(64) > connecting to cups server /var/run/cups/cups.sock:631 >[2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1312) > cups_pull_comment_location: Using cups location: >[2008/07/16 17:09:12, 5] printing/print_cups.c:cups_pull_comment_location(1300) > cups_pull_comment_location: Using cups comment: Cups-PDF >[2008/07/16 17:09:12, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 sec_io_desc_buf nt_printing_getsec >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 max_len: 000000c8 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 ptr : 00000001 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 len : 000000c8 >[2008/07/16 17:09:12, 7] rpc_parse/parse_prs.c:prs_debug(88) > 00000c sec_io_desc sec >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c revision: 0001 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000e type : 8004 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 off_owner_sid: 000000a8 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 off_grp_sid : 000000b8 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 off_sacl : 00000000 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 001c off_dacl : 00000014 >[2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) > 0000b4 smb_io_dom_sid owner_sid >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b4 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b5 num_auths : 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b6 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b7 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b8 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b9 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00ba id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00bb id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 00bc sub_auths : 00000020 00000220 >[2008/07/16 17:09:12, 8] rpc_parse/parse_prs.c:prs_debug(88) > 000020 sec_io_acl dacl >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0020 revision: 0002 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0022 size : 0094 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 num_aces : 00000005 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000028 sec_io_ace ace_list[00]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0029 flags: 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a size : 0014 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 002c access_mask: 20020008 >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 num_auths : 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0032 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0033 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0034 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0035 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0036 id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0037 id_auth[5] : 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0038 sub_auths : 00000000 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 00003c sec_io_ace ace_list[01]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003c type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003d flags: 09 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003e size : 0024 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0044 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0045 num_auths : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0046 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0047 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 004c sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000060 sec_io_ace ace_list[02]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0060 type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0061 flags: 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0062 size : 0024 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0064 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000068 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0068 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0069 num_auths : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006a id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006b id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006c id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006d id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006e id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006f id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0070 sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000084 sec_io_ace ace_list[03]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0084 type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0085 flags: 09 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0086 size : 0018 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0088 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 00008c smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008c sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008d num_auths : 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008e id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008f id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0090 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0091 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0092 id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0093 id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0094 sub_auths : 00000020 00000220 >[2008/07/16 17:09:12, 9] rpc_parse/parse_prs.c:prs_debug(88) > 00009c sec_io_ace ace_list[04]: >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009c type : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009d flags: 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 009e size : 0018 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 00a0 access_mask: 100f000c >[2008/07/16 17:09:12, 10] rpc_parse/parse_prs.c:prs_debug(88) > 0000a4 smb_io_dom_sid trustee >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a4 sid_rev_num: 01 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a5 num_auths : 02 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a6 id_auth[0] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a7 id_auth[1] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a8 id_auth[2] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a9 id_auth[3] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00aa id_auth[4] : 00 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00ab id_auth[5] : 05 >[2008/07/16 17:09:12, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 00ac sub_auths : 00000020 00000220 >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5668) > secdesc_ctr for Cups-PDF has 5 aces: >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-1-0 0 2 0x20020008 >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-21-995976282-251809560-1267956476-500 0 9 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-21-995976282-251809560-1267956476-500 0 2 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-32-544 0 9 0x100f000c >[2008/07/16 17:09:12, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-32-544 0 2 0x100f000c >[2008/07/16 17:09:12, 3] smbd/sec_ctx.c:push_sec_ctx(224) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:12, 3] smbd/uid.c:push_conn_ctx(357) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2008/07/16 17:09:12, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:12, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:12, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:12, 6] passdb/pdb_interface.c:pdb_getsampwsid(273) > pdb_getsampwsid: Building guest account >[2008/07/16 17:09:12, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username nobody, was >[2008/07/16 17:09:12, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) > pdb_set_full_name: setting full name Nobody, was >[2008/07/16 17:09:12, 10] passdb/pdb_get_set.c:pdb_set_domain(603) > pdb_set_domain: setting domain APPEL, was >[2008/07/16 17:09:12, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) > pdb_set_user_sid: setting user sid S-1-5-21-1277291749-436816279-1941180597-501 >[2008/07/16 17:09:12, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1277291749-436816279-1941180597-501 from rid 501 >[2008/07/16 17:09:12, 3] smbd/sec_ctx.c:pop_sec_ctx(432) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:12, 10] lib/system_smbd.c:sys_getgrouplist(122) > sys_getgrouplist: user [nobody] >[2008/07/16 17:09:12, 10] passdb/lookup_sid.c:gid_to_sid(1335) > gid 99 -> sid S-1-22-2-99 >[2008/07/16 17:09:12, 5] auth/auth_util.c:make_server_info_sam(622) > make_server_info_sam: made server info for user nobody -> nobody >[2008/07/16 17:09:12, 10] auth/token_util.c:create_local_nt_token(302) > Create local NT token for S-1-5-21-1277291749-436816279-1941180597-501 >[2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-32-544 -> gid 150256 >[2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-32-545 -> gid 150257 >[2008/07/16 17:09:12, 3] smbd/sec_ctx.c:push_sec_ctx(224) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:12, 3] smbd/uid.c:push_conn_ctx(357) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2008/07/16 17:09:12, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:12, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:12, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:12, 3] smbd/sec_ctx.c:pop_sec_ctx(432) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1413) > sid S-1-22-2-99 -> gid 99 >[2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1426) > winbind failed to find a gid for sid S-1-1-0 >[2008/07/16 17:09:12, 10] auth/auth_util.c:create_local_token(727) > Could not convert SID S-1-1-0 to gid, ignoring it >[2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1426) > winbind failed to find a gid for sid S-1-5-2 >[2008/07/16 17:09:12, 10] auth/auth_util.c:create_local_token(727) > Could not convert SID S-1-5-2 to gid, ignoring it >[2008/07/16 17:09:12, 10] passdb/lookup_sid.c:sid_to_gid(1426) > winbind failed to find a gid for sid S-1-5-32-546 >[2008/07/16 17:09:12, 10] auth/auth_util.c:create_local_token(727) > Could not convert SID S-1-5-32-546 to gid, ignoring it >[2008/07/16 17:09:12, 10] auth/token_util.c:debug_nt_user_token(470) > NT user token of user S-1-5-21-1277291749-436816279-1941180597-501 > contains 5 SIDs > SID[ 0]: S-1-5-21-1277291749-436816279-1941180597-501 > SID[ 1]: S-1-22-2-99 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/07/16 17:09:12, 3] printing/printing.c:start_background_queue(1397) > start_background_queue: Starting background LPQ thread >[2008/07/16 17:09:12, 5] printing/printing.c:start_background_queue(1407) >[2008/07/16 17:09:12, 10] lib/util_sock.c:open_socket_in(1280) > start_background_queue: background LPQ thread started > bind succeeded on port 445 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_KEEPALIVE = 1 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_REUSEADDR = 1 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_BROADCAST = 0 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_NODELAY = 0 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPCNT = 9 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPIDLE = 7200 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPINTVL = 75 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_LOWDELAY = 0 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_THROUGHPUT = 0 >[2008/07/16 17:09:12, 5] smbd/connection.c:claim_connection(142) >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > claiming [smbd lpq backend] > socket option SO_SNDBUF = 16384 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVBUF = 87380 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDLOWAT = 1 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVLOWAT = 1 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDTIMEO = 0 >[2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVTIMEO = 0 > Locking key BE300000FFFFFFFF736D >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_KEEPALIVE = 1 >[2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > Allocated locked data 0x0xb95abe60 > socket option SO_REUSEADDR = 1 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_BROADCAST = 0 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) >[2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > socket option TCP_NODELAY = 1 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPCNT = 9 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPIDLE = 7200 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPINTVL = 75 > Unlocking key BE300000FFFFFFFF736D >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_LOWDELAY = 0 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) >[2008/07/16 17:09:12, 5] printing/printing.c:start_background_queue(1424) > socket option IPTOS_THROUGHPUT = 0 > start_background_queue: background LPQ thread waiting for messages >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDBUF = 16384 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVBUF = 87380 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDLOWAT = 1 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVLOWAT = 1 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDTIMEO = 0 >[2008/07/16 17:09:12, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVTIMEO = 0 >[2008/07/16 17:09:12, 2] lib/util_sock.c:open_socket_in(1267) > bind failed on port 445 socket_addr = 0.0.0.0. > Error = Address already in use >[2008/07/16 17:09:12, 5] smbd/connection.c:claim_connection(142) > claiming [] >[2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key B9300000FFFFFFFF0000 >[2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95abe60 >[2008/07/16 17:09:12, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key B9300000FFFFFFFF0000 >[2008/07/16 17:09:12, 2] smbd/server.c:open_sockets_smbd(580) > waiting for a connection >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_KEEPALIVE = 1 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_REUSEADDR = 1 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_BROADCAST = 0 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_NODELAY = 1 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPCNT = 9 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPIDLE = 7200 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPINTVL = 75 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_LOWDELAY = 0 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_THROUGHPUT = 0 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDBUF = 16384 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVBUF = 87380 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDLOWAT = 1 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVLOWAT = 1 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDTIMEO = 0 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVTIMEO = 0 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_KEEPALIVE = 1 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_REUSEADDR = 1 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_BROADCAST = 0 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_NODELAY = 1 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPCNT = 9 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPIDLE = 7200 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPINTVL = 75 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_LOWDELAY = 0 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_THROUGHPUT = 0 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDBUF = 16384 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVBUF = 87380 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDLOWAT = 1 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVLOWAT = 1 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDTIMEO = 0 >[2008/07/16 17:09:17, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVTIMEO = 0 >[2008/07/16 17:09:17, 6] param/loadparm.c:lp_file_list_changed(6625) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 > >[2008/07/16 17:09:17, 3] smbd/oplock.c:init_oplocks(875) > init_oplocks: initializing messages. >[2008/07/16 17:09:17, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(241) > Linux kernel oplocks enabled >[2008/07/16 17:09:17, 10] lib/events.c:event_add_timed(128) > Added timed event "idle_evt(keepalive)": b95af0a8 >[2008/07/16 17:09:17, 10] lib/events.c:event_add_timed(128) > Added timed event "idle_evt(deadtime)": b95af248 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 133 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x85 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 0 of length 137 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 > [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for > [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. > [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM > [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 > [060] 32 00 2. >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBnegprot (pid 12479) conn 0x0 >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:17, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) > Requested protocol [LANMAN1.0] >[2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) > Requested protocol [Windows for Workgroups 3.1a] >[2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) > Requested protocol [LM1.2X002] >[2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) > Requested protocol [LANMAN2.1] >[2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(568) > Requested protocol [NT LM 0.12] >[2008/07/16 17:09:17, 10] lib/util.c:set_remote_arch(2201) > set_remote_arch: Client arch is 'Win2K' >[2008/07/16 17:09:17, 6] param/loadparm.c:lp_file_list_changed(6625) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 > >[2008/07/16 17:09:17, 5] smbd/connection.c:claim_connection(142) > claiming [] >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key BF300000FFFFFFFF0000 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95af900 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key BF300000FFFFFFFF0000 >[2008/07/16 17:09:17, 6] param/loadparm.c:lp_file_list_changed(6625) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 > >[2008/07/16 17:09:17, 10] lib/util.c:name_to_fqdn(2956) > name_to_fqdn: lookup for APPEL -> APPEL.macroscoop.nl. >[2008/07/16 17:09:17, 3] smbd/negprot.c:reply_nt1(392) > using SPNEGO >[2008/07/16 17:09:17, 3] smbd/negprot.c:reply_negprot(673) > Selected protocol NT LM 0.12 >[2008/07/16 17:09:17, 5] smbd/negprot.c:reply_negprot(680) > negprot index=5 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=183 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=48896 (0xBF00) > smb_vwv[ 8]= 48 (0x30) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=22796 (0x590C) > smb_vwv[13]=21994 (0x55EA) > smb_vwv[14]=51431 (0xC8E7) > smb_vwv[15]=34817 (0x8801) > smb_vwv[16]= 255 (0xFF) > smb_bcc=114 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 61 70 70 65 6C 00 00 00 00 00 00 00 00 00 00 00 appel... ........ > [010] 60 60 06 06 2B 06 01 05 05 02 A0 56 30 54 A0 24 ``..+... ...V0T.$ > [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* > [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... > [040] 37 02 02 0A A3 2C 30 2A A0 28 1B 26 63 69 66 73 7....,0* .(.&cifs > [050] 2F 61 70 70 65 6C 2E 6D 61 63 72 6F 73 63 6F 6F /appel.m acroscoo > [060] 70 2E 6E 6C 40 4D 41 43 52 4F 53 43 4F 4F 50 2E p.nl@MAC ROSCOOP. > [070] 4E 4C NL >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 1696 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x6a0 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 1 of length 1700 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=1696 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 1696 (0x6A0) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 1534 (0x5FE) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=1637 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 60 82 05 FA 06 06 2B 06 01 05 05 02 A0 82 05 EE `.....+. ........ > [010] 30 82 05 EA A0 24 30 22 06 09 2A 86 48 82 F7 12 0....$0" ..*.H... > [020] 01 02 02 06 09 2A 86 48 86 F7 12 01 02 02 06 0A .....*.H ........ > [030] 2B 06 01 04 01 82 37 02 02 0A A2 82 05 C0 04 82 +.....7. ........ > [040] 05 BC 60 82 05 B8 06 09 2A 86 48 86 F7 12 01 02 ..`..... *.H..... > [050] 02 01 00 6E 82 05 A7 30 82 05 A3 A0 03 02 01 05 ...n...0 ........ > [060] A1 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 ........ .. ..... > [070] 04 D1 61 82 04 CD 30 82 04 C9 A0 03 02 01 05 A1 ..a...0. ........ > [080] 0F 1B 0D 4D 41 43 52 4F 53 43 4F 4F 50 2E 4E 4C ...MACRO SCOOP.NL > [090] A2 26 30 24 A0 03 02 01 02 A1 1D 30 1B 1B 04 63 .&0$.... ...0...c > [0A0] 69 66 73 1B 13 61 70 70 65 6C 2E 6D 61 63 72 6F ifs..app el.macro > [0B0] 73 63 6F 6F 70 2E 6E 6C A3 82 04 87 30 82 04 83 scoop.nl ....0... > [0C0] A0 03 02 01 17 A1 03 02 01 04 A2 82 04 75 04 82 ........ .....u.. > [0D0] 04 71 8D 90 A2 68 43 78 7F B5 40 78 06 4D 62 71 .q...hCx ..@x.Mbq > [0E0] 64 A6 6A EB BC 4E 6C 3B A7 9B 1C E3 3C 5A 55 4A d.j..Nl; ....<ZUJ > [0F0] 5F F0 F8 8C AB 84 C3 42 6D F4 CA 3E 26 13 F8 2E _......B m..>&... > [100] F6 B3 F8 BD 35 95 A1 C2 1E 4C 91 40 AD 60 E3 E8 ....5... .L.@.`.. > [110] 37 A7 57 49 E5 59 78 0A 37 5A 62 D8 FE B1 E3 05 7.WI.Yx. 7Zb..... > [120] 24 C8 B0 50 2E 19 D6 7F 4B 5D FC 43 D2 A8 84 CC $..P.... K].C.... > [130] 0E 0E F5 C0 B4 80 9D 8A 03 26 7E F1 C3 3D B2 EA ........ .&~..=.. > [140] EC A2 A6 98 69 61 31 0E A4 AD A1 60 4C 94 E3 67 ....ia1. ...`L..g > [150] A5 23 43 2D 6A 50 A4 EB D0 7F D7 4E 33 15 76 02 .#C-jP.. ...N3.v. > [160] F6 DA C6 2B B9 FB 99 FE 25 02 B9 60 A5 67 B9 75 ...+.... %..`.g.u > [170] D0 C6 F3 22 76 2D E9 29 2D C0 A7 AA 39 37 D4 27 ..."v-.) -...97.' > [180] A3 94 1D 3F B3 DF 65 22 1C E8 00 22 15 B6 AE 54 ...?..e" ..."...T > [190] F6 DE A4 FA 53 59 24 88 D8 40 2C D8 23 4C A8 13 ....SY$. .@,.#L.. > [1A0] 16 76 33 AD 49 D1 7C BA 9D 1A EF 21 1A 65 22 EC .v3.I.|. ...!.e". > [1B0] 59 DB A4 2A 9F 41 1A 96 3A 20 40 41 3F 4F E4 B9 Y..*.A.. : @A?O.. > [1C0] 89 4C 0F B3 E8 41 1F 39 9E 02 6E 04 10 C3 57 65 .L...A.9 ..n...We > [1D0] F0 29 28 D0 6A 6C 8F CF 22 B8 B6 B2 B3 F5 BA 81 .)(.jl.. "....... > [1E0] 5F 29 BC 47 CB DD 94 01 BE 3C 4A E6 91 7A C1 33 _).G.... .<J..z.3 > [1F0] 59 AE 8C 11 6B FF 97 01 C6 C9 B9 63 1D E8 46 56 Y...k... ...c..FV >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBsesssetupX (pid 12479) conn 0x0 >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:17, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:17, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) > wct=12 flg2=0xc807 >[2008/07/16 17:09:17, 2] smbd/sesssetup.c:setup_new_vc_session(1363) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2008/07/16 17:09:17, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173) > Doing spnego session setup >[2008/07/16 17:09:17, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208) > NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2008/07/16 17:09:17, 10] lib/util.c:set_remote_arch(2201) > set_remote_arch: Client arch is 'WinXP' >[2008/07/16 17:09:17, 10] smbd/password.c:register_initial_vuid(188) > register_initial_vuid: allocated vuid = 100 >[2008/07/16 17:09:17, 10] smbd/sesssetup.c:check_spnego_blob_complete(1121) > check_spnego_blob_complete: needed_len = 1534, pblob->length = 1534 >[2008/07/16 17:09:17, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) > parse_spnego_mechanisms: Got OID 1 2 840 48018 1 2 2 >[2008/07/16 17:09:17, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) > parse_spnego_mechanisms: Got OID 1 2 840 113554 1 2 2 >[2008/07/16 17:09:17, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) > parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 >[2008/07/16 17:09:17, 3] smbd/sesssetup.c:reply_spnego_negotiate(800) > reply_spnego_negotiate: Got secblob of size 1468 >[2008/07/16 17:09:17, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(273) > ads_secrets_verify_ticket: enc type [23] decrypted message ! >[2008/07/16 17:09:17, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(799) > Got KRB5 session key of length 16 >[2008/07/16 17:09:17, 3] libads/authdata.c:decode_pac_data(301) > Found account name from PAC: pim [Pim Zandbergen] >[2008/07/16 17:09:17, 10] libads/authdata.c:decode_pac_data(303) > Successfully validated Kerberos PAC >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 63 A5 BF 77 9A D0 51 E8 AA 6E 40 14 47 62 A1 45 c..w..Q. .n@.Gb.E >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 73 20 FA 89 E2 C4 67 E9 5B 70 C4 89 20 A7 E9 45 s ....g. [p.. ..E > pac_data: struct PAC_DATA > num_buffers : 0x00000004 (4) > version : 0x00000000 (0) > buffers: ARRAY(4) > buffers: struct PAC_BUFFER > type : PAC_TYPE_LOGON_INFO (1) > _ndr_size : 0x000002f8 (760) > info : * > info : union PAC_INFO(case 1) > logon_info: struct PAC_LOGON_INFO_CTR > unknown1 : 0x00081001 (528385) > unknown2 : 0xcccccccc (3435973836) > _ndr_size : 0x000002e8 (744) > unknown3 : 0x00000000 (0) > info : * > info: struct PAC_LOGON_INFO > info3: struct netr_SamInfo3 > base: struct netr_SamBaseInfo > last_logon : Wed 16 Jul 2008 04:34:16 PM CEST CEST > last_logoff : Tue 19 Jan 2038 04:14:07 AM CET CET > acct_expiry : Tue 19 Jan 2038 04:14:07 AM CET CET > last_password_change : Thu 14 Sep 2006 06:46:55 PM CEST CEST > allow_password_change : Thu 14 Sep 2006 06:46:55 PM CEST CEST > force_password_change : Tue 19 Jan 2038 04:14:07 AM CET CET > account_name: struct lsa_String > length : 0x0006 (6) > size : 0x0006 (6) > string : * > string : 'pim' > full_name: struct lsa_String > length : 0x001c (28) > size : 0x001c (28) > string : * > string : 'Pim Zandbergen' > logon_script: struct lsa_String > length : 0x0010 (16) > size : 0x0010 (16) > string : * > string : 'test.bat' > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > logon_count : 0x0d89 (3465) > bad_password_count : 0x0000 (0) > rid : 0x000003ed (1005) > primary_gid : 0x00000200 (512) > groups: struct samr_RidWithAttributeArray > count : 0x00000004 (4) > rids : * > rids: ARRAY(4) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000200 (512) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x0000077b (1915) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000d90 (3472) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > user_flags : 0x00000020 (32) > 0: NETLOGON_GUEST > 0: NETLOGON_NOENCRYPTION > 0: NETLOGON_CACHED_ACCOUNT > 0: NETLOGON_USED_LM_PASSWORD > 1: NETLOGON_EXTRA_SIDS > 0: NETLOGON_SUBAUTH_SESSION_KEY > 0: NETLOGON_SERVER_TRUST_ACCOUNT > 0: NETLOGON_NTLMV2_ENABLED > 0: NETLOGON_RESOURCE_GROUPS > 0: NETLOGON_PROFILE_PATH_RETURNED > 0: NETLOGON_GRACE_LOGON > key: struct netr_UserSessionKey > key : 00000000000000000000000000000000 > logon_server: struct lsa_StringLarge > length : 0x0006 (6) > size : 0x0008 (8) > string : * > string : 'DOU' > domain: struct lsa_StringLarge > length : 0x0014 (20) > size : 0x0016 (22) > string : * > string : 'MACROSCOOP' > domain_sid : * > domain_sid : S-1-5-21-995976282-251809560-1267956476 > LMSessKey: struct netr_LMSessionKey > key : 0000000000000000 > acct_flags : 0x00000210 (528) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 1: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_NO_AUTH_DATA_REQD > unknown: ARRAY(7) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > sidcount : 0x00000007 (7) > sids : * > sids: ARRAY(7) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-1209 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-3497 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-3475 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-3471 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-3485 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-1165 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-3429 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > res_group_dom_sid : NULL > res_groups: struct samr_RidWithAttributeArray > count : 0x00000000 (0) > rids : NULL > _pad : 0x00000000 (0) > buffers: struct PAC_BUFFER > type : PAC_TYPE_LOGON_NAME (10) > _ndr_size : 0x00000010 (16) > info : * > info : union PAC_INFO(case 10) > logon_name: struct PAC_LOGON_NAME > logon_time : Wed 16 Jul 2008 04:34:17 PM CEST CEST > size : 0x0006 (6) > account_name : 'pim' > _pad : 0x00000000 (0) > buffers: struct PAC_BUFFER > type : PAC_TYPE_SRV_CHECKSUM (6) > _ndr_size : 0x00000014 (20) > info : * > info : union PAC_INFO(case 6) > srv_cksum: struct PAC_SIGNATURE_DATA > type : 0xffffff76 (4294967158) > signature : DATA_BLOB length=16 > _pad : 0x00000000 (0) > buffers: struct PAC_BUFFER > type : PAC_TYPE_KDC_CHECKSUM (7) > _ndr_size : 0x00000014 (20) > info : * > info : union PAC_INFO(case 7) > kdc_cksum: struct PAC_SIGNATURE_DATA > type : 0xffffff76 (4294967158) > signature : DATA_BLOB length=16 > _pad : 0x00000000 (0) > >[2008/07/16 17:09:17, 3] smbd/sesssetup.c:reply_spnego_kerberos(356) > Ticket name is [pim@MACROSCOOP.NL] >[2008/07/16 17:09:17, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(139) > netsamlogon_cache_store: SID [S-1-5-21-995976282-251809560-1267956476-1005] > &r: struct netsamlogoncache_entry > timestamp : Wed 16 Jul 2008 05:09:17 PM CEST CEST > info3: struct netr_SamInfo3 > base: struct netr_SamBaseInfo > last_logon : Wed 16 Jul 2008 04:34:16 PM CEST CEST > last_logoff : Tue 19 Jan 2038 04:14:07 AM CET CET > acct_expiry : Tue 19 Jan 2038 04:14:07 AM CET CET > last_password_change : Thu 14 Sep 2006 06:46:55 PM CEST CEST > allow_password_change : Thu 14 Sep 2006 06:46:55 PM CEST CEST > force_password_change : Tue 19 Jan 2038 04:14:07 AM CET CET > account_name: struct lsa_String > length : 0x0006 (6) > size : 0x0006 (6) > string : * > string : 'pim' > full_name: struct lsa_String > length : 0x001c (28) > size : 0x001c (28) > string : * > string : 'Pim Zandbergen' > logon_script: struct lsa_String > length : 0x0010 (16) > size : 0x0010 (16) > string : * > string : 'test.bat' > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > logon_count : 0x0d89 (3465) > bad_password_count : 0x0000 (0) > rid : 0x000003ed (1005) > primary_gid : 0x00000200 (512) > groups: struct samr_RidWithAttributeArray > count : 0x00000004 (4) > rids : * > rids: ARRAY(4) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000200 (512) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x0000077b (1915) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000d90 (3472) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > user_flags : 0x00000020 (32) > 0: NETLOGON_GUEST > 0: NETLOGON_NOENCRYPTION > 0: NETLOGON_CACHED_ACCOUNT > 0: NETLOGON_USED_LM_PASSWORD > 1: NETLOGON_EXTRA_SIDS > 0: NETLOGON_SUBAUTH_SESSION_KEY > 0: NETLOGON_SERVER_TRUST_ACCOUNT > 0: NETLOGON_NTLMV2_ENABLED > 0: NETLOGON_RESOURCE_GROUPS > 0: NETLOGON_PROFILE_PATH_RETURNED > 0: NETLOGON_GRACE_LOGON > key: struct netr_UserSessionKey > key : 00000000000000000000000000000000 > logon_server: struct lsa_StringLarge > length : 0x0006 (6) > size : 0x0008 (8) > string : * > string : 'DOU' > domain: struct lsa_StringLarge > length : 0x0014 (20) > size : 0x0016 (22) > string : * > string : 'MACROSCOOP' > domain_sid : * > domain_sid : S-1-5-21-995976282-251809560-1267956476 > LMSessKey: struct netr_LMSessionKey > key : 0000000000000000 > acct_flags : 0x00000210 (528) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 1: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_NO_AUTH_DATA_REQD > unknown: ARRAY(7) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > sidcount : 0x00000007 (7) > sids : * > sids: ARRAY(7) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-1209 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-3497 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-3475 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-3471 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-3485 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-1165 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-995976282-251809560-1267956476-3429 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) >[2008/07/16 17:09:17, 10] smbd/sesssetup.c:reply_spnego_kerberos(402) > Mapped to [MACROSCOOP] (using PAC) >[2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_alloc(133) > Finding user MACROSCOOP\pim >[2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(77) > Trying _Get_Pwnam(), username as lowercase is macroscoop\pim >[2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(110) > Get_Pwnam_internals did find user [MACROSCOOP\pim]! >[2008/07/16 17:09:17, 6] param/loadparm.c:lp_file_list_changed(6625) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 > >[2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_alloc(133) > Finding user MACROSCOOP\pim >[2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(77) > Trying _Get_Pwnam(), username as lowercase is macroscoop\pim >[2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(110) > Get_Pwnam_internals did find user [MACROSCOOP\pim]! >[2008/07/16 17:09:17, 5] auth/auth_util.c:fill_sam_account(1376) > fill_sam_account: located username was [MACROSCOOP\pim] >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username pim, was >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) > pdb_set_full_name: setting full name , was >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_domain(603) > pdb_set_domain: setting domain APPEL, was >[2008/07/16 17:09:17, 4] lib/substitute.c:automount_server(500) > Home server: appel >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) > pdb_set_profile_path: setting profile path \\appel\pim\profile, was >[2008/07/16 17:09:17, 4] lib/substitute.c:automount_server(500) > Home server: appel >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) > pdb_set_homedir: setting home dir \\appel\pim, was >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) > pdb_set_dir_drive: setting dir drive , was NULL >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) > pdb_set_logon_script: setting logon script , was >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) > pdb_set_user_sid: setting user sid S-1-5-21-1277291749-436816279-1941180597-301244 >[2008/07/16 17:09:17, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1277291749-436816279-1941180597-301244 from rid 301244 >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) > pdb_set_nt_username: setting nt username pim, was >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_username(580) > pdb_set_username: setting username pim, was pim >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_domain(603) > pdb_set_domain: setting domain MACROSCOOP, was APPEL >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) > pdb_set_user_sid: setting user sid S-1-5-21-995976282-251809560-1267956476-1005 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-512 -> gid 150004 >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_group_sid(567) > pdb_set_group_sid: setting group sid S-1-5-21-995976282-251809560-1267956476-512 >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) > pdb_set_full_name: setting full name Pim Zandbergen, was >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) > pdb_set_logon_script: setting logon script test.bat, was >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) > pdb_set_profile_path: setting profile path , was \\appel\pim\profile >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) > pdb_set_homedir: setting home dir , was \\appel\pim >[2008/07/16 17:09:17, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) > pdb_set_dir_drive: setting dir drive , was >[2008/07/16 17:09:17, 10] auth/token_util.c:create_local_nt_token(302) > Create local NT token for S-1-5-21-995976282-251809560-1267956476-1005 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-32-544 -> gid 150256 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-32-545 -> gid 150257 >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:push_sec_ctx(224) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:17, 3] smbd/uid.c:push_conn_ctx(357) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-1005] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-513] >[2008/07/16 17:09:17, 5] lib/privileges.c:get_privileges_for_sids(128) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-512] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-1915] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3472] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-1209] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3497] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3475] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3471] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3485] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-1165] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-21-995976282-251809560-1267956476-3429] >[2008/07/16 17:09:17, 3] lib/privileges.c:get_privileges(63) > get_privileges: No privileges assigned to SID [S-1-5-32-545] >[2008/07/16 17:09:17, 5] lib/privileges.c:get_privileges_for_sids(128) > get_privileges_for_sids: sid = S-1-5-32-544 > Privilege set: > SE_PRIV 0xff0 0x0 0x0 0x0 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-513 -> gid 150000 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1426) > winbind failed to find a gid for sid S-1-1-0 >[2008/07/16 17:09:17, 10] auth/auth_util.c:create_local_token(727) > Could not convert SID S-1-1-0 to gid, ignoring it >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1426) > winbind failed to find a gid for sid S-1-5-2 >[2008/07/16 17:09:17, 10] auth/auth_util.c:create_local_token(727) > Could not convert SID S-1-5-2 to gid, ignoring it >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1426) > winbind failed to find a gid for sid S-1-5-11 >[2008/07/16 17:09:17, 10] auth/auth_util.c:create_local_token(727) > Could not convert SID S-1-5-11 to gid, ignoring it >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-512 -> gid 150004 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-1915 -> gid 150009 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-3472 -> gid 150152 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-1209 -> gid 150005 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-3497 -> gid 150189 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-3475 -> gid 150153 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-3471 -> gid 150154 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-3485 -> gid 150188 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-1165 -> gid 150006 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-21-995976282-251809560-1267956476-3429 -> gid 150007 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-32-545 -> gid 150257 >[2008/07/16 17:09:17, 10] passdb/lookup_sid.c:sid_to_gid(1431) > sid S-1-5-32-544 -> gid 150256 >[2008/07/16 17:09:17, 10] auth/token_util.c:debug_nt_user_token(470) > NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 > contains 17 SIDs > SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 > SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 > SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 > SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 > SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 > SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 > SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 > SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 > SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 > SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 > SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 > SID[ 15]: S-1-5-32-545 > SID[ 16]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2008/07/16 17:09:17, 10] smbd/password.c:register_initial_vuid(188) > register_initial_vuid: allocated vuid = 101 >[2008/07/16 17:09:17, 10] smbd/password.c:register_existing_vuid(310) > register_existing_vuid: (150122,150004) MACROSCOOP\pim pim MACROSCOOP guest=0 >[2008/07/16 17:09:17, 3] smbd/password.c:register_existing_vuid(314) > register_existing_vuid: User name: MACROSCOOP\pim Real name: Pim Zandbergen >[2008/07/16 17:09:17, 3] smbd/password.c:register_existing_vuid(326) > register_existing_vuid: UNIX uid 150122 is UNIX user MACROSCOOP\pim, and will be vuid 101 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 49442F31323437392F31 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a7ff0 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 49442F31323437392F31 >[2008/07/16 17:09:17, 7] param/loadparm.c:lp_servicenumber(8917) > lp_servicenumber: couldn't find MACROSCOOP\pim >[2008/07/16 17:09:17, 3] smbd/password.c:register_existing_vuid(350) > Adding homes service for user 'MACROSCOOP\pim' using home directory: '/home/pim' >[2008/07/16 17:09:17, 8] param/loadparm.c:add_a_service(5762) > add_a_service: Creating snum = 6 for pim >[2008/07/16 17:09:17, 10] param/loadparm.c:hash_a_service(5809) > hash_a_service: hashing index 6 for service name pim >[2008/07/16 17:09:17, 3] param/loadparm.c:lp_add_home(5858) > adding home's share [pim] for user 'MACROSCOOP\pim' at '/home/pim' >[2008/07/16 17:09:17, 6] param/loadparm.c:lp_file_list_changed(6625) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jul 16 16:45:43 2008 > >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=264 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=64 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 151 (0x97) > smb_bcc=221 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] A1 81 94 30 81 91 A0 03 0A 01 00 A1 0B 06 09 2A ...0.... .......* > [010] 86 48 82 F7 12 01 02 02 A2 7D 04 7B 60 79 06 09 .H...... .}.{`y.. > [020] 2A 86 48 86 F7 12 01 02 02 02 00 6F 6A 30 68 A0 *.H..... ...oj0h. > [030] 03 02 01 05 A1 03 02 01 0F A2 5C 30 5A A0 03 02 ........ ..\0Z... > [040] 01 17 A2 53 04 51 C9 2B D3 DA CE 21 0B 63 D5 E5 ...S.Q.+ ...!.c.. > [050] 2C 9E 71 12 DF DB 1F D8 E2 D1 D6 35 C7 82 7A EC ,.q..... ...5..z. > [060] F3 CA 1B 4C 71 11 FD C9 C8 45 FC 21 38 AE 83 5E ...Lq... .E.!8..^ > [070] 32 CF 17 AD 0D A7 9C 50 CA 71 26 85 34 10 C1 5C 2......P .q&.4..\ > [080] 1E EB F1 7A 69 2C E2 B3 44 74 49 39 5C DF 99 D1 ...zi,.. DtI9\... > [090] 4A A1 D6 DD D4 3B 86 55 00 6E 00 69 00 78 00 00 J....;.U .n.i.x.. > [0A0] 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 00 2E .S.a.m.b .a. .3.. > [0B0] 00 32 00 2E 00 30 00 2D 00 31 00 37 00 2E 00 66 .2...0.- .1.7...f > [0C0] 00 63 00 39 00 00 00 4D 00 41 00 43 00 52 00 4F .c.9...M .A.C.R.O > [0D0] 00 53 00 43 00 4F 00 4F 00 50 00 00 00 .S.C.O.O .P... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 76 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x4c >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 2 of length 80 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=76 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=128 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=33 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 5C 00 41 00 50 00 50 00 45 00 4C 00 5C .\.\.A.P .P.E.L.\ > [010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? > [020] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtconX (pid 12479) conn 0x0 >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:17, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:17, 4] smbd/reply.c:reply_tcon_and_X(653) > Client requested device type [?????] for share [IPC$] >[2008/07/16 17:09:17, 5] smbd/service.c:make_connection(1376) > making a connection to 'normal' service ipc$ >[2008/07/16 17:09:17, 10] smbd/share_access.c:user_ok_token(231) > user_ok_token: share IPC$ is ok for unix user MACROSCOOP\pim >[2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_alloc(133) > Finding user MACROSCOOP\pim >[2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(77) > Trying _Get_Pwnam(), username as lowercase is macroscoop\pim >[2008/07/16 17:09:17, 5] lib/username.c:Get_Pwnam_internals(110) > Get_Pwnam_internals did find user [MACROSCOOP\pim]! >[2008/07/16 17:09:17, 10] smbd/service.c:set_conn_connectpath(157) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2008/07/16 17:09:17, 3] smbd/service.c:make_connection_snum(936) > Connect path is '/tmp' for service [IPC$] >[2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_map_generic(175) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000002, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. >[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 > se_access_check: also S-1-5-32-545 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2008/07/16 17:09:17, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (2) granted. >[2008/07/16 17:09:17, 3] smbd/vfs.c:vfs_init_default(96) > Initialising default vfs hooks >[2008/07/16 17:09:17, 10] smbd/vfs.c:vfs_find_backend_entry(48) > vfs_find_backend_entry called for /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:smb_register_vfs(86) > Successfully added vfs backend '/[Default VFS]/' >[2008/07/16 17:09:17, 10] smbd/vfs.c:vfs_find_backend_entry(48) > vfs_find_backend_entry called for posixacl >[2008/07/16 17:09:17, 5] smbd/vfs.c:smb_register_vfs(86) > Successfully added vfs backend 'posixacl' >[2008/07/16 17:09:17, 3] smbd/vfs.c:vfs_init_custom(130) > Initialising custom vfs hooks from [/[Default VFS]/] >[2008/07/16 17:09:17, 10] smbd/vfs.c:vfs_find_backend_entry(48) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #0 (type 0, layer 0) > Making operation type 0 opaque [module /[Default VFS]/] > Accepting operation type 0 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #1 (type 1, layer 0) > Making operation type 1 opaque [module /[Default VFS]/] > Accepting operation type 1 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #2 (type 2, layer 0) > Making operation type 2 opaque [module /[Default VFS]/] > Accepting operation type 2 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #3 (type 3, layer 0) > Making operation type 3 opaque [module /[Default VFS]/] > Accepting operation type 3 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #4 (type 4, layer 0) > Making operation type 4 opaque [module /[Default VFS]/] > Accepting operation type 4 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #5 (type 5, layer 0) > Making operation type 5 opaque [module /[Default VFS]/] > Accepting operation type 5 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #6 (type 6, layer 0) > Making operation type 6 opaque [module /[Default VFS]/] > Accepting operation type 6 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #7 (type 7, layer 0) > Making operation type 7 opaque [module /[Default VFS]/] > Accepting operation type 7 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #8 (type 8, layer 0) > Making operation type 8 opaque [module /[Default VFS]/] > Accepting operation type 8 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #9 (type 9, layer 0) > Making operation type 9 opaque [module /[Default VFS]/] > Accepting operation type 9 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #10 (type 10, layer 0) > Making operation type 10 opaque [module /[Default VFS]/] > Accepting operation type 10 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #11 (type 11, layer 0) > Making operation type 11 opaque [module /[Default VFS]/] > Accepting operation type 11 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #12 (type 12, layer 0) > Making operation type 12 opaque [module /[Default VFS]/] > Accepting operation type 12 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #13 (type 13, layer 0) > Making operation type 13 opaque [module /[Default VFS]/] > Accepting operation type 13 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #14 (type 14, layer 0) > Making operation type 14 opaque [module /[Default VFS]/] > Accepting operation type 14 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #15 (type 15, layer 0) > Making operation type 15 opaque [module /[Default VFS]/] > Accepting operation type 15 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #16 (type 16, layer 0) > Making operation type 16 opaque [module /[Default VFS]/] > Accepting operation type 16 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #17 (type 17, layer 0) > Making operation type 17 opaque [module /[Default VFS]/] > Accepting operation type 17 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #18 (type 18, layer 0) > Making operation type 18 opaque [module /[Default VFS]/] > Accepting operation type 18 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #19 (type 19, layer 0) > Making operation type 19 opaque [module /[Default VFS]/] > Accepting operation type 19 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #20 (type 20, layer 0) > Making operation type 20 opaque [module /[Default VFS]/] > Accepting operation type 20 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #21 (type 21, layer 0) > Making operation type 21 opaque [module /[Default VFS]/] > Accepting operation type 21 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #22 (type 22, layer 0) > Making operation type 22 opaque [module /[Default VFS]/] > Accepting operation type 22 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #23 (type 23, layer 0) > Making operation type 23 opaque [module /[Default VFS]/] > Accepting operation type 23 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #24 (type 24, layer 0) > Making operation type 24 opaque [module /[Default VFS]/] > Accepting operation type 24 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #25 (type 25, layer 0) > Making operation type 25 opaque [module /[Default VFS]/] > Accepting operation type 25 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #26 (type 26, layer 0) > Making operation type 26 opaque [module /[Default VFS]/] > Accepting operation type 26 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #27 (type 27, layer 0) > Making operation type 27 opaque [module /[Default VFS]/] > Accepting operation type 27 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #28 (type 28, layer 0) > Making operation type 28 opaque [module /[Default VFS]/] > Accepting operation type 28 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #29 (type 29, layer 0) > Making operation type 29 opaque [module /[Default VFS]/] > Accepting operation type 29 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #30 (type 30, layer 0) > Making operation type 30 opaque [module /[Default VFS]/] > Accepting operation type 30 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #31 (type 31, layer 0) > Making operation type 31 opaque [module /[Default VFS]/] > Accepting operation type 31 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #32 (type 32, layer 0) > Making operation type 32 opaque [module /[Default VFS]/] > Accepting operation type 32 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #33 (type 33, layer 0) > Making operation type 33 opaque [module /[Default VFS]/] > Accepting operation type 33 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #34 (type 34, layer 0) > Making operation type 34 opaque [module /[Default VFS]/] > Accepting operation type 34 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #35 (type 35, layer 0) > Making operation type 35 opaque [module /[Default VFS]/] > Accepting operation type 35 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #36 (type 36, layer 0) > Making operation type 36 opaque [module /[Default VFS]/] > Accepting operation type 36 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #37 (type 37, layer 0) > Making operation type 37 opaque [module /[Default VFS]/] > Accepting operation type 37 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #38 (type 38, layer 0) > Making operation type 38 opaque [module /[Default VFS]/] > Accepting operation type 38 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #39 (type 39, layer 0) > Making operation type 39 opaque [module /[Default VFS]/] > Accepting operation type 39 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #40 (type 40, layer 0) > Making operation type 40 opaque [module /[Default VFS]/] > Accepting operation type 40 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #41 (type 41, layer 0) > Making operation type 41 opaque [module /[Default VFS]/] > Accepting operation type 41 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #42 (type 42, layer 0) > Making operation type 42 opaque [module /[Default VFS]/] > Accepting operation type 42 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #43 (type 43, layer 0) > Making operation type 43 opaque [module /[Default VFS]/] > Accepting operation type 43 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #44 (type 44, layer 0) > Making operation type 44 opaque [module /[Default VFS]/] > Accepting operation type 44 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #45 (type 45, layer 0) > Making operation type 45 opaque [module /[Default VFS]/] > Accepting operation type 45 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #46 (type 46, layer 0) > Making operation type 46 opaque [module /[Default VFS]/] > Accepting operation type 46 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #47 (type 47, layer 0) > Making operation type 47 opaque [module /[Default VFS]/] > Accepting operation type 47 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #48 (type 48, layer 0) > Making operation type 48 opaque [module /[Default VFS]/] > Accepting operation type 48 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #49 (type 49, layer 0) > Making operation type 49 opaque [module /[Default VFS]/] > Accepting operation type 49 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #50 (type 50, layer 0) > Making operation type 50 opaque [module /[Default VFS]/] > Accepting operation type 50 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #51 (type 51, layer 0) > Making operation type 51 opaque [module /[Default VFS]/] > Accepting operation type 51 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #52 (type 52, layer 0) > Making operation type 52 opaque [module /[Default VFS]/] > Accepting operation type 52 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #53 (type 53, layer 0) > Making operation type 53 opaque [module /[Default VFS]/] > Accepting operation type 53 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #54 (type 54, layer 0) > Making operation type 54 opaque [module /[Default VFS]/] > Accepting operation type 54 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #55 (type 55, layer 0) > Making operation type 55 opaque [module /[Default VFS]/] > Accepting operation type 55 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #56 (type 56, layer 0) > Making operation type 56 opaque [module /[Default VFS]/] > Accepting operation type 56 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #57 (type 57, layer 0) > Making operation type 57 opaque [module /[Default VFS]/] > Accepting operation type 57 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #58 (type 58, layer 0) > Making operation type 58 opaque [module /[Default VFS]/] > Accepting operation type 58 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #59 (type 59, layer 0) > Making operation type 59 opaque [module /[Default VFS]/] > Accepting operation type 59 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #60 (type 60, layer 0) > Making operation type 60 opaque [module /[Default VFS]/] > Accepting operation type 60 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #61 (type 61, layer 0) > Making operation type 61 opaque [module /[Default VFS]/] > Accepting operation type 61 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #62 (type 62, layer 0) > Making operation type 62 opaque [module /[Default VFS]/] > Accepting operation type 62 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #63 (type 63, layer 0) > Making operation type 63 opaque [module /[Default VFS]/] > Accepting operation type 63 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #64 (type 64, layer 0) > Making operation type 64 opaque [module /[Default VFS]/] > Accepting operation type 64 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #65 (type 65, layer 0) > Making operation type 65 opaque [module /[Default VFS]/] > Accepting operation type 65 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #66 (type 66, layer 0) > Making operation type 66 opaque [module /[Default VFS]/] > Accepting operation type 66 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #67 (type 67, layer 0) > Making operation type 67 opaque [module /[Default VFS]/] > Accepting operation type 67 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #68 (type 68, layer 0) > Making operation type 68 opaque [module /[Default VFS]/] > Accepting operation type 68 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #69 (type 69, layer 0) > Making operation type 69 opaque [module /[Default VFS]/] > Accepting operation type 69 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #70 (type 70, layer 0) > Making operation type 70 opaque [module /[Default VFS]/] > Accepting operation type 70 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #71 (type 71, layer 0) > Making operation type 71 opaque [module /[Default VFS]/] > Accepting operation type 71 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #72 (type 72, layer 0) > Making operation type 72 opaque [module /[Default VFS]/] > Accepting operation type 72 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #73 (type 73, layer 0) > Making operation type 73 opaque [module /[Default VFS]/] > Accepting operation type 73 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #74 (type 74, layer 0) > Making operation type 74 opaque [module /[Default VFS]/] > Accepting operation type 74 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #75 (type 75, layer 0) > Making operation type 75 opaque [module /[Default VFS]/] > Accepting operation type 75 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #76 (type 76, layer 0) > Making operation type 76 opaque [module /[Default VFS]/] > Accepting operation type 76 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #77 (type 77, layer 0) > Making operation type 77 opaque [module /[Default VFS]/] > Accepting operation type 77 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #78 (type 78, layer 0) > Making operation type 78 opaque [module /[Default VFS]/] > Accepting operation type 78 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #79 (type 79, layer 0) > Making operation type 79 opaque [module /[Default VFS]/] > Accepting operation type 79 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #80 (type 80, layer 0) > Making operation type 80 opaque [module /[Default VFS]/] > Accepting operation type 80 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #81 (type 81, layer 0) > Making operation type 81 opaque [module /[Default VFS]/] > Accepting operation type 81 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #82 (type 82, layer 0) > Making operation type 82 opaque [module /[Default VFS]/] > Accepting operation type 82 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #83 (type 83, layer 0) > Making operation type 83 opaque [module /[Default VFS]/] > Accepting operation type 83 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #84 (type 84, layer 0) > Making operation type 84 opaque [module /[Default VFS]/] > Accepting operation type 84 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #85 (type 85, layer 0) > Making operation type 85 opaque [module /[Default VFS]/] > Accepting operation type 85 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #86 (type 86, layer 0) > Making operation type 86 opaque [module /[Default VFS]/] > Accepting operation type 86 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #87 (type 87, layer 0) > Making operation type 87 opaque [module /[Default VFS]/] > Accepting operation type 87 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #88 (type 88, layer 0) > Making operation type 88 opaque [module /[Default VFS]/] > Accepting operation type 88 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #89 (type 89, layer 0) > Making operation type 89 opaque [module /[Default VFS]/] > Accepting operation type 89 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #90 (type 90, layer 0) > Making operation type 90 opaque [module /[Default VFS]/] > Accepting operation type 90 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #91 (type 91, layer 0) > Making operation type 91 opaque [module /[Default VFS]/] > Accepting operation type 91 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #92 (type 92, layer 0) > Making operation type 92 opaque [module /[Default VFS]/] > Accepting operation type 92 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #93 (type 93, layer 0) > Making operation type 93 opaque [module /[Default VFS]/] > Accepting operation type 93 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #94 (type 94, layer 0) > Making operation type 94 opaque [module /[Default VFS]/] > Accepting operation type 94 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #95 (type 95, layer 0) > Making operation type 95 opaque [module /[Default VFS]/] > Accepting operation type 95 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #96 (type 96, layer 0) > Making operation type 96 opaque [module /[Default VFS]/] > Accepting operation type 96 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #97 (type 97, layer 0) > Making operation type 97 opaque [module /[Default VFS]/] > Accepting operation type 97 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #98 (type 98, layer 0) > Making operation type 98 opaque [module /[Default VFS]/] > Accepting operation type 98 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #99 (type 99, layer 0) > Making operation type 99 opaque [module /[Default VFS]/] > Accepting operation type 99 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #100 (type 100, layer 0) > Making operation type 100 opaque [module /[Default VFS]/] > Accepting operation type 100 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #101 (type 101, layer 0) > Making operation type 101 opaque [module /[Default VFS]/] > Accepting operation type 101 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #102 (type 102, layer 0) > Making operation type 102 opaque [module /[Default VFS]/] > Accepting operation type 102 from module /[Default VFS]/ >[2008/07/16 17:09:17, 5] smbd/connection.c:claim_connection(142) > claiming [IPC$] >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key BF300000010000004950 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95b00a0 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key BF300000010000004950 >[2008/07/16 17:09:17, 10] smbd/share_access.c:user_ok_token(231) > user_ok_token: share IPC$ is ok for unix user MACROSCOOP\pim >[2008/07/16 17:09:17, 10] smbd/share_access.c:is_share_read_only_for_token(273) > is_share_read_only_for_user: share IPC$ is read-only for unix user MACROSCOOP\pim >[2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_map_generic(175) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000001, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. >[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 > se_access_check: also S-1-5-32-545 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2008/07/16 17:09:17, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (1) granted. >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (150122, 150004) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(470) > NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 > contains 17 SIDs > SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 > SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 > SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 > SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 > SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 > SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 > SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 > SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 > SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 > SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 > SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 > SID[ 15]: S-1-5-32-545 > SID[ 16]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 150122 > Primary group is 150004 and contains 13 supplementary groups > Group[ 0]: 150000 > Group[ 1]: 150004 > Group[ 2]: 150009 > Group[ 3]: 150152 > Group[ 4]: 150005 > Group[ 5]: 150189 > Group[ 6]: 150153 > Group[ 7]: 150154 > Group[ 8]: 150188 > Group[ 9]: 150006 > Group[ 10]: 150007 > Group[ 11]: 150257 > Group[ 12]: 150256 >[2008/07/16 17:09:17, 5] smbd/uid.c:change_to_user(272) > change_to_user uid=(150122,150122) gid=(0,150004) >[2008/07/16 17:09:17, 3] smbd/service.c:make_connection_snum(1190) > __ffff_62.177.168.80 (::ffff:62.177.168.80) connect to service IPC$ initially as user MACROSCOOP\pim (uid=150122, gid=150004) (pid 12479) >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:17, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:17, 3] smbd/reply.c:reply_tcon_and_X(727) > tconX service=IPC$ >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=128 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 511 (0x1FF) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 49 50 43 00 00 00 00 IPC.... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 100 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x64 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 3 of length 104 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=192 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 256 (0x100) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. > [010] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBntcreateX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (150122, 150004) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(470) > NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 > contains 17 SIDs > SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 > SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 > SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 > SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 > SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 > SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 > SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 > SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 > SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 > SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 > SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 > SID[ 15]: S-1-5-32-545 > SID[ 16]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 150122 > Primary group is 150004 and contains 13 supplementary groups > Group[ 0]: 150000 > Group[ 1]: 150004 > Group[ 2]: 150009 > Group[ 3]: 150152 > Group[ 4]: 150005 > Group[ 5]: 150189 > Group[ 6]: 150153 > Group[ 7]: 150154 > Group[ 8]: 150188 > Group[ 9]: 150006 > Group[ 10]: 150007 > Group[ 11]: 150257 > Group[ 12]: 150256 >[2008/07/16 17:09:17, 5] smbd/uid.c:change_to_user(272) > change_to_user uid=(150122,150122) gid=(0,150004) >[2008/07/16 17:09:17, 4] smbd/vfs.c:vfs_ChDir(733) > vfs_ChDir to /tmp >[2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >[2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) > nt_open_pipe: Opening pipe \wkssvc. >[2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) > nt_open_pipe: Known pipe wkssvc opening. >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) > Open pipe requested wkssvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) > Create pipe requested wkssvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe wkssvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) > Created internal pipe wkssvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) > Opened pipe wkssvc with handle 77a2 (pipes_open=1) >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) > open pipes: name wkssvc pnum=77a2 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 776B737376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a5eb8 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 776B737376632F313234 >[2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) > do_ntcreate_pipe_open: open pipe = \wkssvc >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=135 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=192 > smt_wct=42 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=41472 (0xA200) > smb_vwv[ 3]= 375 (0x177) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_vwv[34]= 0 (0x0) > smb_vwv[35]= 0 (0x0) > smb_vwv[36]= 0 (0x0) > smb_vwv[37]= 0 (0x0) > smb_vwv[38]= 0 (0x0) > smb_vwv[39]= 0 (0x0) > smb_vwv[40]= 0 (0x0) > smb_vwv[41]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x88 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 4 of length 140 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=256 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30626 (0x77A2) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 > [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBwriteX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a2 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a2 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a2 name: wkssvc open: Yes len: 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 11 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) > api_pipe_bind_req: decode request. 1553 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) > api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_rb >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0008 num_contexts: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c context_id : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 000e num_transfer_syntaxes: 01 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00000f smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 data : 6bffd098 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 data : a112 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 data : 3610 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 data : 98 33 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a data : 46 c3 f8 7e 34 5a >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 version: 00000001 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0028 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002c data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002e data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) > api_pipe_bind_req: make response. 1608 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) > check_bind_req for \PIPE\wkssvc > checking \PIPE\lsarpc > checking \PIPE\lsarpc > checking \PIPE\samr > checking \PIPE\NETLOGON > checking \PIPE\srvsvc > checking \PIPE\wkssvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_ba >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 000053f0 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000008 smb_io_rpc_addr_str >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 len: 000d >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000a str: \PIPE\wkssvc. >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000017 smb_io_rpc_results >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_results: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c result : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001e reason : 0000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 56 >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) > writeX-IPC pnum=77a2 nwritten=72 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=256 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 59 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x3b >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 5 of length 63 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=320 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30626 (0x77A2) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBreadX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a2 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a2 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a2 name: wkssvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) > read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) > readX-IPC pnum=77a2 min=1024 max=1024 nread=68 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=320 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 00 wkssvc.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 144 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x90 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 6 of length 148 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=384 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30626 (0x77A2) > smb_bcc=77 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... > [020] 00 24 00 00 00 00 00 00 00 00 00 02 00 08 00 00 .$...... ........ > [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p > [040] 00 70 00 65 00 6C 00 00 00 64 00 00 00 .p.e.l.. .d... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=60 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a2 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a2 (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "wkssvc" (pnum 77a2) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb95aa570 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a2 name: wkssvc open: Yes len: 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 00000024 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 0000 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 71 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[0].fn == 0xb7ba2020 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\appel' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'APPEL' > domain_name : * > domain_name : 'MACROSCOOP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called wkssvc successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 37 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 44 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a2 name: wkssvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0074 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000005c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=384 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=117 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... > [010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... > [020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ > [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ > [040] 00 41 00 50 00 50 00 45 00 4C 00 00 00 0B 00 00 .A.P.P.E .L...... > [050] 00 00 00 00 00 0B 00 00 00 4D 00 41 00 43 00 52 ........ .M.A.C.R > [060] 00 4F 00 53 00 43 00 4F 00 4F 00 50 00 00 00 00 .O.S.C.O .O.P.... > [070] 00 00 00 00 00 ..... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 41 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x29 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 7 of length 45 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=448 > smt_wct=3 > smb_vwv[ 0]=30626 (0x77A2) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBclose (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a2 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a2 (pipes_open=1) >[2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) > reply_pipe_close: pnum:77a2 >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) > close_policy_by_pipe: deleted handle list for pipe wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) > closed pipe name wkssvc pnum=77a2 (pipes_open=0) >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 776B737376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab350 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 776B737376632F313234 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=448 > smt_wct=0 > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 100 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x64 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 8 of length 104 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=512 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. > [010] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBntcreateX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >[2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) > nt_open_pipe: Opening pipe \srvsvc. >[2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) > nt_open_pipe: Known pipe srvsvc opening. >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) > Open pipe requested srvsvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) > Create pipe requested srvsvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe srvsvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) > Created internal pipe srvsvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) > Opened pipe srvsvc with handle 77a3 (pipes_open=1) >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) > open pipes: name srvsvc pnum=77a3 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 7372767376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab140 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 7372767376632F313234 >[2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=135 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=512 > smt_wct=42 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=41728 (0xA300) > smb_vwv[ 3]= 375 (0x177) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_vwv[34]= 0 (0x0) > smb_vwv[35]= 0 (0x0) > smb_vwv[36]= 0 (0x0) > smb_vwv[37]= 0 (0x0) > smb_vwv[38]= 0 (0x0) > smb_vwv[39]= 0 (0x0) > smb_vwv[40]= 0 (0x0) > smb_vwv[41]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x88 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 9 of length 140 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=576 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30627 (0x77A3) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBwriteX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a3 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a3 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a3 name: srvsvc open: Yes len: 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 11 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) > api_pipe_bind_req: decode request. 1553 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_rb >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0008 num_contexts: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c context_id : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 000e num_transfer_syntaxes: 01 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00000f smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 data : 4b324fc8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 data : 1670 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 data : 01d3 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 data : 12 78 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a data : 5a 47 bf 6e e1 88 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 version: 00000003 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0028 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002c data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002e data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) > api_pipe_bind_req: make response. 1608 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) > check_bind_req for \PIPE\srvsvc > checking \PIPE\lsarpc > checking \PIPE\lsarpc > checking \PIPE\samr > checking \PIPE\NETLOGON > checking \PIPE\srvsvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_ba >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 000053f0 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000008 smb_io_rpc_addr_str >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 len: 000d >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000a str: \PIPE\srvsvc. >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000017 smb_io_rpc_results >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_results: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c result : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001e reason : 0000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 56 >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) > writeX-IPC pnum=77a3 nwritten=72 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=576 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 59 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x3b >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 10 of length 63 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=640 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30627 (0x77A3) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBreadX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a3 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a3 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a3 name: srvsvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) > read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) > readX-IPC pnum=77a3 min=1024 max=1024 nread=68 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=640 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 144 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x90 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 11 of length 148 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=704 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30627 (0x77A3) > smb_bcc=77 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... > [020] 00 24 00 00 00 00 00 15 00 00 00 02 00 08 00 00 .$...... ........ > [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p > [040] 00 70 00 65 00 6C 00 00 00 65 00 00 00 .p.e.l.. .e... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=60 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a3 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a3 (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "srvsvc" (pnum 77a3) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb95ac9e0 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a3 name: srvsvc open: Yes len: 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 00000024 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 0015 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 71 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRVSVC_NETSRVGETINFO >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[21].fn == 0xb7bcf550 > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > in: struct srvsvc_NetSrvGetInfo > server_unc : * > server_unc : '\\appel' > level : 0x00000065 (101) >[2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1041) > _srvsvc_NetSrvGetInfo: 1041 >[2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1117) > _srvsvc_NetSrvGetInfo: 1117 > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > out: struct srvsvc_NetSrvGetInfo > info : * > info : union srvsvc_NetSrvInfo(case 101) > info101 : * > info101: struct srvsvc_NetSrvInfo101 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'APPEL' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > server_type : 0x00809b23 (8428323) > 1: SV_TYPE_WORKSTATION > 1: SV_TYPE_SERVER > 0: SV_TYPE_SQLSERVER > 0: SV_TYPE_DOMAIN_CTRL > 0: SV_TYPE_DOMAIN_BAKCTRL > 1: SV_TYPE_TIME_SOURCE > 0: SV_TYPE_AFP > 0: SV_TYPE_NOVELL > 1: SV_TYPE_DOMAIN_MEMBER > 1: SV_TYPE_PRINTQ_SERVER > 0: SV_TYPE_DIALIN_SERVER > 1: SV_TYPE_SERVER_UNIX > 1: SV_TYPE_NT > 0: SV_TYPE_WFW > 0: SV_TYPE_SERVER_MFPN > 1: SV_TYPE_SERVER_NT > 0: SV_TYPE_POTENTIAL_BROWSER > 0: SV_TYPE_BACKUP_BROWSER > 0: SV_TYPE_MASTER_BROWSER > 0: SV_TYPE_DOMAIN_MASTER > 0: SV_TYPE_SERVER_OSF > 0: SV_TYPE_SERVER_VMS > 0: SV_TYPE_WIN95_PLUS > 1: SV_TYPE_DFS_SERVER > 0: SV_TYPE_ALTERNATE_XPORT > 0: SV_TYPE_LOCAL_LIST_ONLY > 0: SV_TYPE_DOMAIN_ENUM > comment : * > comment : 'Fedora 9 - Samba 3.2.0-17.fc9' > result : WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called srvsvc successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 24 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 44 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a3 name: srvsvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 132. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 009c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000084 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..156] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=212 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=704 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 156 (0x9C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 156 (0x9C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=157 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 9C 00 00 00 01 00 00 ........ ........ > [010] 00 84 00 00 00 00 00 00 00 65 00 00 00 00 00 02 ........ .e...... > [020] 00 F4 01 00 00 04 00 02 00 04 00 00 00 09 00 00 ........ ........ > [030] 00 23 9B 80 00 08 00 02 00 06 00 00 00 00 00 00 .#...... ........ > [040] 00 06 00 00 00 41 00 50 00 50 00 45 00 4C 00 00 .....A.P .P.E.L.. > [050] 00 1E 00 00 00 00 00 00 00 1E 00 00 00 46 00 65 ........ .....F.e > [060] 00 64 00 6F 00 72 00 61 00 20 00 39 00 20 00 2D .d.o.r.a . .9. .- > [070] 00 20 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 . .S.a.m .b.a. .3 > [080] 00 2E 00 32 00 2E 00 30 00 2D 00 31 00 37 00 2E ...2...0 .-.1.7.. > [090] 00 66 00 63 00 39 00 00 00 00 00 00 00 .f.c.9.. ..... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 41 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x29 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 12 of length 45 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=768 > smt_wct=3 > smb_vwv[ 0]=30627 (0x77A3) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBclose (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a3 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a3 (pipes_open=1) >[2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) > reply_pipe_close: pnum:77a3 >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) > close_policy_by_pipe: deleted handle list for pipe srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) > closed pipe name srvsvc pnum=77a3 (pipes_open=0) >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 7372767376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab350 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 7372767376632F313234 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=768 > smt_wct=0 > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 100 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x64 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 13 of length 104 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=832 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 256 (0x100) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. > [010] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBntcreateX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >[2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) > nt_open_pipe: Opening pipe \wkssvc. >[2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) > nt_open_pipe: Known pipe wkssvc opening. >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) > Open pipe requested wkssvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) > Create pipe requested wkssvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe wkssvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) > Created internal pipe wkssvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) > Opened pipe wkssvc with handle 77a4 (pipes_open=1) >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) > open pipes: name wkssvc pnum=77a4 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 776B737376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95af040 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 776B737376632F313234 >[2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) > do_ntcreate_pipe_open: open pipe = \wkssvc >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=135 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=832 > smt_wct=42 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=41984 (0xA400) > smb_vwv[ 3]= 375 (0x177) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_vwv[34]= 0 (0x0) > smb_vwv[35]= 0 (0x0) > smb_vwv[36]= 0 (0x0) > smb_vwv[37]= 0 (0x0) > smb_vwv[38]= 0 (0x0) > smb_vwv[39]= 0 (0x0) > smb_vwv[40]= 0 (0x0) > smb_vwv[41]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x88 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 14 of length 140 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=896 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30628 (0x77A4) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 > [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBwriteX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a4 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a4 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a4 name: wkssvc open: Yes len: 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 11 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) > api_pipe_bind_req: decode request. 1553 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) > api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_rb >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0008 num_contexts: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c context_id : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 000e num_transfer_syntaxes: 01 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00000f smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 data : 6bffd098 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 data : a112 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 data : 3610 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 data : 98 33 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a data : 46 c3 f8 7e 34 5a >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 version: 00000001 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0028 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002c data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002e data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) > api_pipe_bind_req: make response. 1608 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) > check_bind_req for \PIPE\wkssvc > checking \PIPE\lsarpc > checking \PIPE\lsarpc > checking \PIPE\samr > checking \PIPE\NETLOGON > checking \PIPE\srvsvc > checking \PIPE\wkssvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_ba >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 000053f0 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000008 smb_io_rpc_addr_str >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 len: 000d >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000a str: \PIPE\wkssvc. >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000017 smb_io_rpc_results >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_results: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c result : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001e reason : 0000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 56 >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) > writeX-IPC pnum=77a4 nwritten=72 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=896 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 59 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x3b >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 15 of length 63 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=960 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30628 (0x77A4) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBreadX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a4 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a4 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a4 name: wkssvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) > read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) > readX-IPC pnum=77a4 min=1024 max=1024 nread=68 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=960 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 00 wkssvc.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 144 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x90 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 16 of length 148 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=1024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30628 (0x77A4) > smb_bcc=77 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... > [020] 00 24 00 00 00 00 00 00 00 00 00 02 00 08 00 00 .$...... ........ > [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p > [040] 00 70 00 65 00 6C 00 00 00 64 00 00 00 .p.e.l.. .d... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=60 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a4 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a4 (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "wkssvc" (pnum 77a4) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb953eeb0 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a4 name: wkssvc open: Yes len: 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 00000024 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 0000 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 71 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[0].fn == 0xb7ba2020 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\appel' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'APPEL' > domain_name : * > domain_name : 'MACROSCOOP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called wkssvc successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 37 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 44 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a4 name: wkssvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0074 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000005c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=1024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=117 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... > [010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... > [020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ > [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ > [040] 00 41 00 50 00 50 00 45 00 4C 00 00 00 0B 00 00 .A.P.P.E .L...... > [050] 00 00 00 00 00 0B 00 00 00 4D 00 41 00 43 00 52 ........ .M.A.C.R > [060] 00 4F 00 53 00 43 00 4F 00 4F 00 50 00 00 00 00 .O.S.C.O .O.P.... > [070] 00 00 00 00 00 ..... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 41 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x29 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 17 of length 45 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1088 > smt_wct=3 > smb_vwv[ 0]=30628 (0x77A4) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBclose (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a4 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a4 (pipes_open=1) >[2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) > reply_pipe_close: pnum:77a4 >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) > close_policy_by_pipe: deleted handle list for pipe wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) > closed pipe name wkssvc pnum=77a4 (pipes_open=0) >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 776B737376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab350 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 776B737376632F313234 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1088 > smt_wct=0 > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 100 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x64 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 18 of length 104 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=1152 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. > [010] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBntcreateX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >[2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) > nt_open_pipe: Opening pipe \srvsvc. >[2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) > nt_open_pipe: Known pipe srvsvc opening. >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) > Open pipe requested srvsvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) > Create pipe requested srvsvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe srvsvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) > Created internal pipe srvsvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) > Opened pipe srvsvc with handle 77a5 (pipes_open=1) >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) > open pipes: name srvsvc pnum=77a5 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 7372767376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a6788 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 7372767376632F313234 >[2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=135 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=1152 > smt_wct=42 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=42240 (0xA500) > smb_vwv[ 3]= 375 (0x177) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_vwv[34]= 0 (0x0) > smb_vwv[35]= 0 (0x0) > smb_vwv[36]= 0 (0x0) > smb_vwv[37]= 0 (0x0) > smb_vwv[38]= 0 (0x0) > smb_vwv[39]= 0 (0x0) > smb_vwv[40]= 0 (0x0) > smb_vwv[41]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x88 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 19 of length 140 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1216 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30629 (0x77A5) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBwriteX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a5 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a5 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a5 name: srvsvc open: Yes len: 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 11 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) > api_pipe_bind_req: decode request. 1553 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_rb >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0008 num_contexts: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c context_id : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 000e num_transfer_syntaxes: 01 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00000f smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 data : 4b324fc8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 data : 1670 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 data : 01d3 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 data : 12 78 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a data : 5a 47 bf 6e e1 88 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 version: 00000003 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0028 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002c data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002e data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) > api_pipe_bind_req: make response. 1608 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) > check_bind_req for \PIPE\srvsvc > checking \PIPE\lsarpc > checking \PIPE\lsarpc > checking \PIPE\samr > checking \PIPE\NETLOGON > checking \PIPE\srvsvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_ba >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 000053f0 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000008 smb_io_rpc_addr_str >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 len: 000d >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000a str: \PIPE\srvsvc. >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000017 smb_io_rpc_results >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_results: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c result : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001e reason : 0000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 56 >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) > writeX-IPC pnum=77a5 nwritten=72 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1216 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 59 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x3b >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 20 of length 63 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1280 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30629 (0x77A5) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBreadX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a5 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a5 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a5 name: srvsvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) > read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) > readX-IPC pnum=77a5 min=1024 max=1024 nread=68 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1280 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 168 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0xa8 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 21 of length 172 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=1344 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 84 (0x54) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 84 (0x54) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30629 (0x77A5) > smb_bcc=101 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 54 00 00 00 01 00 00 ........ .T...... > [020] 00 3C 00 00 00 00 00 0F 00 00 00 02 00 08 00 00 .<...... ........ > [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p > [040] 00 70 00 65 00 6C 00 00 00 01 00 00 00 01 00 00 .p.e.l.. ........ > [050] 00 04 00 02 00 00 00 00 00 00 00 00 00 FF FF FF ........ ........ > [060] FF 00 00 00 00 ..... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=84 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a5 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a5 (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "srvsvc" (pnum 77a5) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb95ac9e0 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a5 name: srvsvc open: Yes len: 84 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 84 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 84 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 84, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 68 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 68 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0054 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 68 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 68, incoming data = 68 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 0000003c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 000f >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 71 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: srvsvc op 0xf - api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[15].fn == 0xb7bd0190 > srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll > in: struct srvsvc_NetShareEnumAll > server_unc : * > server_unc : '\\appel' > info_ctr : * > info_ctr: struct srvsvc_NetShareInfoCtr > level : 0x00000001 (1) > ctr : union srvsvc_NetShareCtr(case 1) > ctr1 : * > ctr1: struct srvsvc_NetShareCtr1 > count : 0x00000000 (0) > array : NULL > max_buffer : 0xffffffff (4294967295) > resume_handle : NULL >[2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetShareEnumAll(1283) > _srvsvc_NetShareEnumAll: 1283 >[2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(499) > init_srv_share_info_ctr >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:push_sec_ctx(224) > push_sec_ctx(150122, 150004) : sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:17, 3] smbd/uid.c:push_conn_ctx(357) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:17, 8] smbd/service.c:load_registry_shares(298) > load_registry_shares() >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432) > pop_sec_ctx (150122, 150004) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(514) > NOT counting service homes >[2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(514) > NOT counting service printers >[2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(514) > NOT counting service print$ >[2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(511) > counting service IPC$ >[2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(511) > counting service zetahack >[2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(511) > counting service Cups-PDF >[2008/07/16 17:09:17, 10] rpc_server/srv_srvsvc_nt.c:init_srv_share_info_ctr(511) > counting service pim >[2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetShareEnumAll(1297) > _srvsvc_NetShareEnumAll: 1297 > srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll > out: struct srvsvc_NetShareEnumAll > info_ctr : * > info_ctr: struct srvsvc_NetShareInfoCtr > level : 0x00000001 (1) > ctr : union srvsvc_NetShareCtr(case 1) > ctr1 : * > ctr1: struct srvsvc_NetShareCtr1 > count : 0x00000004 (4) > array : * > array: ARRAY(4) > array: struct srvsvc_NetShareInfo1 > name : * > name : 'IPC$' > type : STYPE_IPC_HIDDEN (0x80000003) > comment : * > comment : 'IPC Service (Fedora 9 - Samba 3.2.0-17.fc9)' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'zetahack' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'Zetafax hack' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'Cups-PDF' > type : STYPE_PRINTQ (0x1) > comment : * > comment : 'Cups-PDF' > array: struct srvsvc_NetShareInfo1 > name : * > name : 'pim' > type : STYPE_DISKTREE (0x0) > comment : * > comment : 'Home Directories' > totalentries : * > totalentries : 0x00000004 (4) > resume_handle : NULL > result : WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called srvsvc successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 222 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 68 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a5 name: srvsvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 412. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 01b4 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000019c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..436] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=492 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=1344 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 436 (0x1B4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 436 (0x1B4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=437 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 B4 01 00 00 01 00 00 ........ ........ > [010] 00 9C 01 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 02 00 04 00 00 00 04 00 02 00 04 00 00 ........ ........ > [030] 00 08 00 02 00 03 00 00 80 0C 00 02 00 10 00 02 ........ ........ > [040] 00 01 00 00 00 14 00 02 00 18 00 02 00 01 00 00 ........ ........ > [050] 00 1C 00 02 00 20 00 02 00 00 00 00 00 24 00 02 ..... .. .....$.. > [060] 00 05 00 00 00 00 00 00 00 05 00 00 00 49 00 50 ........ .....I.P > [070] 00 43 00 24 00 00 00 00 00 2C 00 00 00 00 00 00 .C.$.... .,...... > [080] 00 2C 00 00 00 49 00 50 00 43 00 20 00 53 00 65 .,...I.P .C. .S.e > [090] 00 72 00 76 00 69 00 63 00 65 00 20 00 28 00 46 .r.v.i.c .e. .(.F > [0A0] 00 65 00 64 00 6F 00 72 00 61 00 20 00 39 00 20 .e.d.o.r .a. .9. > [0B0] 00 2D 00 20 00 53 00 61 00 6D 00 62 00 61 00 20 .-. .S.a .m.b.a. > [0C0] 00 33 00 2E 00 32 00 2E 00 30 00 2D 00 31 00 37 .3...2.. .0.-.1.7 > [0D0] 00 2E 00 66 00 63 00 39 00 29 00 00 00 09 00 00 ...f.c.9 .)...... > [0E0] 00 00 00 00 00 09 00 00 00 7A 00 65 00 74 00 61 ........ .z.e.t.a > [0F0] 00 68 00 61 00 63 00 6B 00 00 00 00 00 0D 00 00 .h.a.c.k ........ > [100] 00 00 00 00 00 0D 00 00 00 5A 00 65 00 74 00 61 ........ .Z.e.t.a > [110] 00 66 00 61 00 78 00 20 00 68 00 61 00 63 00 6B .f.a.x. .h.a.c.k > [120] 00 00 00 00 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........ > [130] 00 43 00 75 00 70 00 73 00 2D 00 50 00 44 00 46 .C.u.p.s .-.P.D.F > [140] 00 00 00 00 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........ > [150] 00 43 00 75 00 70 00 73 00 2D 00 50 00 44 00 46 .C.u.p.s .-.P.D.F > [160] 00 00 00 00 00 04 00 00 00 00 00 00 00 04 00 00 ........ ........ > [170] 00 70 00 69 00 6D 00 00 00 11 00 00 00 00 00 00 .p.i.m.. ........ > [180] 00 11 00 00 00 48 00 6F 00 6D 00 65 00 20 00 44 .....H.o .m.e. .D > [190] 00 69 00 72 00 65 00 63 00 74 00 6F 00 72 00 69 .i.r.e.c .t.o.r.i > [1A0] 00 65 00 73 00 00 00 00 00 04 00 00 00 00 00 00 .e.s.... ........ > [1B0] 00 00 00 00 00 ..... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 41 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x29 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 22 of length 45 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1408 > smt_wct=3 > smb_vwv[ 0]=30629 (0x77A5) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBclose (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a5 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a5 (pipes_open=1) >[2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) > reply_pipe_close: pnum:77a5 >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) > close_policy_by_pipe: deleted handle list for pipe srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) > closed pipe name srvsvc pnum=77a5 (pipes_open=0) >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 7372767376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab350 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 7372767376632F313234 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1408 > smt_wct=0 > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 102 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x66 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 23 of length 106 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=432 > smb_uid=101 > smb_mid=1472 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [010] 00 00 00 ... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBntcreateX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) > nt_open_pipe: Opening pipe \spoolss. >[2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) > nt_open_pipe: Known pipe spoolss opening. >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) > Open pipe requested spoolss (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) > Create pipe requested spoolss >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe spoolss >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe spoolss >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) > Created internal pipe spoolss (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) > Opened pipe spoolss with handle 77a6 (pipes_open=1) >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) > open pipes: name spoolss pnum=77a6 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 73706F6F6C73732F3132 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2aa8 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 73706F6F6C73732F3132 >[2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) > do_ntcreate_pipe_open: open pipe = \spoolss >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=135 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=432 > smb_uid=101 > smb_mid=1472 > smt_wct=42 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=42496 (0xA600) > smb_vwv[ 3]= 375 (0x177) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_vwv[34]= 0 (0x0) > smb_vwv[35]= 0 (0x0) > smb_vwv[36]= 0 (0x0) > smb_vwv[37]= 0 (0x0) > smb_vwv[38]= 0 (0x0) > smb_vwv[39]= 0 (0x0) > smb_vwv[40]= 0 (0x0) > smb_vwv[41]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x88 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 24 of length 140 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1536 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30630 (0x77A6) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBwriteX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a6 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name spoolss pnum=77a6 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a6 name: spoolss open: Yes len: 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 11 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) > api_pipe_bind_req: decode request. 1553 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_rb >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0008 num_contexts: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c context_id : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 000e num_transfer_syntaxes: 01 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00000f smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 data : 12345678 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 data : 1234 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 data : abcd >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 data : ef 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a data : 01 23 45 67 89 ab >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 version: 00000001 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0028 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002c data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002e data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) > api_pipe_bind_req: make response. 1608 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) > check_bind_req for \PIPE\spoolss > checking \PIPE\lsarpc > checking \PIPE\lsarpc > checking \PIPE\samr > checking \PIPE\NETLOGON > checking \PIPE\srvsvc > checking \PIPE\wkssvc > checking \PIPE\winreg > checking \PIPE\spoolss >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_ba >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 000053f0 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000008 smb_io_rpc_addr_str >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 len: 000e >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000a str: \PIPE\spoolss. >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_results >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_results: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c result : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001e reason : 0000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 56 >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) > writeX-IPC pnum=77a6 nwritten=72 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1536 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 59 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x3b >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 25 of length 63 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1600 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30630 (0x77A6) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBreadX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a6 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name spoolss pnum=77a6 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a6 name: spoolss len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) > read_from_pipe: spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) > readX-IPC pnum=77a6 min=1024 max=1024 nread=68 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1600 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 73 70 6F 6F 6C 73 73 00 01 00 00 00 00 00 00 00 spoolss. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 248 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0xf8 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 26 of length 252 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=248 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=432 > smb_uid=101 > smb_mid=1664 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 164 (0xA4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 164 (0xA4) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30630 (0x77A6) > smb_bcc=181 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 A4 00 00 00 01 00 00 ........ ........ > [020] 00 8C 00 00 00 00 00 45 00 00 00 02 00 08 00 00 .......E ........ > [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p > [040] 00 70 00 65 00 6C 00 00 00 00 00 00 00 00 00 00 .p.e.l.. ........ > [050] 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ > [060] 00 04 00 02 00 1C 00 00 00 08 00 02 00 0C 00 02 ........ ........ > [070] 00 28 0A 00 00 03 00 00 00 00 00 00 00 00 00 02 .(...... ........ > [080] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 5C 00 5C ........ .....\.\ > [090] 00 54 00 49 00 54 00 49 00 41 00 41 00 4E 00 00 .T.I.T.I .A.A.N.. > [0A0] 00 04 00 00 00 00 00 00 00 04 00 00 00 70 00 69 ........ .....p.i > [0B0] 00 6D 00 00 00 .m... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=164 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a6 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name spoolss pnum=77a6 (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "spoolss" (pnum 77a6) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb952de20 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a6 name: spoolss open: Yes len: 164 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 164 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 164 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 164, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 148 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 148 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00a4 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 148 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 148, incoming data = 148 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 0000008c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 0045 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 72 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\spoolss >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[1].fn == 0xb7bd8430 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 spoolss_io_q_open_printer_ex >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 ptr: 00020000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_unistr2 printername >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 uni_max_len: 00000008 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 offset : 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c uni_str_len: 00000008 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0010 buffer : \.\.a.p.p.e.l... >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 spoolss_io_printer_default >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 datatype_ptr: 00000000 >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_unistr2 - NULL datatype >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 spoolss_io_devmode_cont >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 size: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0028 devmode_ptr: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 002c access_required: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 user_switch: 00000001 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 spool_io_user_level >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 level: 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0038 ptr: 00020004 >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 00003c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c size: 0000001c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 ptr: 00020008 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 ptr: 0002000c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0048 build: 00000a28 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c major: 00000003 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0050 minor: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0054 processor: 00020000 >[2008/07/16 17:09:17, 8] rpc_parse/parse_prs.c:prs_debug(88) > 000058 smb_io_unistr2 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0058 uni_max_len: 0000000a >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 005c offset : 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0060 uni_str_len: 0000000a >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0064 buffer : \.\.T.I.T.I.A.A.N... >[2008/07/16 17:09:17, 8] rpc_parse/parse_prs.c:prs_debug(88) > 000078 smb_io_unistr2 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0078 uni_max_len: 00000004 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 007c offset : 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0080 uni_str_len: 00000004 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0084 buffer : p.i.m... > checking name: \\appel >[2008/07/16 17:09:17, 10] rpc_server/srv_spoolss_nt.c:open_printer_hnd(580) > open_printer_hnd: name [\\appel] >[2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. > [010] BF 30 00 00 .0.. >[2008/07/16 17:09:17, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(415) > Setting printer type=\\appel > Printer is a print server >[2008/07/16 17:09:17, 4] rpc_server/srv_spoolss_nt.c:set_printer_hnd_name(454) > Setting printer name=\\appel (len=7) >[2008/07/16 17:09:17, 5] rpc_server/srv_spoolss_nt.c:open_printer_hnd(615) > 1 printer handles active >[2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. > [010] BF 30 00 00 .0.. >[2008/07/16 17:09:17, 4] rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1667) > Setting print server access = SERVER_ACCESS_ENUMERATE >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 spoolss_io_r_open_printer_ex >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd printer handle >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : 7e 48 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 1d 0f bf 30 00 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_werror(838) > 0014 status code: WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called spoolss successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 120 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 148 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a6 name: spoolss len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=432 > smb_uid=101 > smb_mid=1664 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 7E 48 1D 0F BF 30 00 00 00 00 00 .....~H. ..0..... > [030] 00 . >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 128 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x80 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 27 of length 132 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=432 > smb_uid=101 > smb_mid=1728 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30630 (0x77A6) > smb_bcc=61 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 02 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 7E 48 1D 0F BF 30 00 00 .....~H. ..0.. >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=44 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a6 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name spoolss pnum=77a6 (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "spoolss" (pnum 77a6) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb952de20 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a6 name: spoolss open: Yes len: 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 28 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 28 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 00000014 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 001d >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 0 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\spoolss >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[3].fn == 0xb7bd8040 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 spoolss_io_q_closeprinter >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd printer handle >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : 7e 48 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 1d 0f bf 30 00 00 >[2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. > [010] BF 30 00 00 .0.. >[2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. > [010] BF 30 00 00 .0.. >[2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. > [010] BF 30 00 00 .0.. >[2008/07/16 17:09:17, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) > Closed policy >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 spoolss_io_r_closeprinter >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd printer handle >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : 00 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 00 00 00 00 00 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_werror(838) > 0014 status: WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called spoolss successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 28 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a6 name: spoolss len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=432 > smb_uid=101 > smb_mid=1728 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 41 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x29 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 28 of length 45 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1792 > smt_wct=3 > smb_vwv[ 0]=30630 (0x77A6) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBclose (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a6 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name spoolss pnum=77a6 (pipes_open=1) >[2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) > reply_pipe_close: pnum:77a6 >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) > close_policy_by_pipe: deleted handle list for pipe spoolss >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) > closed pipe name spoolss pnum=77a6 (pipes_open=0) >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 73706F6F6C73732F3132 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab350 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 73706F6F6C73732F3132 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1792 > smt_wct=0 > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 100 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x64 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 29 of length 104 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=1856 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 256 (0x100) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. > [010] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBntcreateX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >[2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) > nt_open_pipe: Opening pipe \wkssvc. >[2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) > nt_open_pipe: Known pipe wkssvc opening. >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) > Open pipe requested wkssvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) > Create pipe requested wkssvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe wkssvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) > Created internal pipe wkssvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) > Opened pipe wkssvc with handle 77a7 (pipes_open=1) >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) > open pipes: name wkssvc pnum=77a7 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 776B737376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab140 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 776B737376632F313234 >[2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) > do_ntcreate_pipe_open: open pipe = \wkssvc >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=135 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=1856 > smt_wct=42 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=42752 (0xA700) > smb_vwv[ 3]= 375 (0x177) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_vwv[34]= 0 (0x0) > smb_vwv[35]= 0 (0x0) > smb_vwv[36]= 0 (0x0) > smb_vwv[37]= 0 (0x0) > smb_vwv[38]= 0 (0x0) > smb_vwv[39]= 0 (0x0) > smb_vwv[40]= 0 (0x0) > smb_vwv[41]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x88 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 30 of length 140 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1920 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30631 (0x77A7) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 > [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBwriteX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a7 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a7 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a7 name: wkssvc open: Yes len: 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 11 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) > api_pipe_bind_req: decode request. 1553 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) > api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_rb >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0008 num_contexts: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c context_id : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 000e num_transfer_syntaxes: 01 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00000f smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 data : 6bffd098 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 data : a112 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 data : 3610 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 data : 98 33 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a data : 46 c3 f8 7e 34 5a >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 version: 00000001 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0028 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002c data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002e data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) > api_pipe_bind_req: make response. 1608 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) > check_bind_req for \PIPE\wkssvc > checking \PIPE\lsarpc > checking \PIPE\lsarpc > checking \PIPE\samr > checking \PIPE\NETLOGON > checking \PIPE\srvsvc > checking \PIPE\wkssvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_ba >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 000053f0 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000008 smb_io_rpc_addr_str >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 len: 000d >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000a str: \PIPE\wkssvc. >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000017 smb_io_rpc_results >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_results: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c result : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001e reason : 0000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 56 >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) > writeX-IPC pnum=77a7 nwritten=72 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1920 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 59 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x3b >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 31 of length 63 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1984 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30631 (0x77A7) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBreadX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a7 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a7 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a7 name: wkssvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) > read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) > readX-IPC pnum=77a7 min=1024 max=1024 nread=68 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1984 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 00 wkssvc.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 144 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x90 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 32 of length 148 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2048 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30631 (0x77A7) > smb_bcc=77 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... > [020] 00 24 00 00 00 00 00 00 00 00 00 02 00 08 00 00 .$...... ........ > [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p > [040] 00 70 00 65 00 6C 00 00 00 64 00 00 00 .p.e.l.. .d... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=60 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a7 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a7 (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "wkssvc" (pnum 77a7) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb95aab90 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a7 name: wkssvc open: Yes len: 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 00000024 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 0000 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 71 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[0].fn == 0xb7ba2020 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\appel' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'APPEL' > domain_name : * > domain_name : 'MACROSCOOP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called wkssvc successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 37 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 44 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a7 name: wkssvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0074 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000005c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2048 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=117 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... > [010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... > [020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ > [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ > [040] 00 41 00 50 00 50 00 45 00 4C 00 00 00 0B 00 00 .A.P.P.E .L...... > [050] 00 00 00 00 00 0B 00 00 00 4D 00 41 00 43 00 52 ........ .M.A.C.R > [060] 00 4F 00 53 00 43 00 4F 00 4F 00 50 00 00 00 00 .O.S.C.O .O.P.... > [070] 00 00 00 00 00 ..... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 41 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x29 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 33 of length 45 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2112 > smt_wct=3 > smb_vwv[ 0]=30631 (0x77A7) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBclose (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a7 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a7 (pipes_open=1) >[2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) > reply_pipe_close: pnum:77a7 >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) > close_policy_by_pipe: deleted handle list for pipe wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) > closed pipe name wkssvc pnum=77a7 (pipes_open=0) >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 776B737376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab350 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 776B737376632F313234 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2112 > smt_wct=0 > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 100 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x64 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 34 of length 104 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2176 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. > [010] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBntcreateX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >[2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) > nt_open_pipe: Opening pipe \srvsvc. >[2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) > nt_open_pipe: Known pipe srvsvc opening. >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) > Open pipe requested srvsvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) > Create pipe requested srvsvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe srvsvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) > Created internal pipe srvsvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) > Opened pipe srvsvc with handle 77a8 (pipes_open=1) >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) > open pipes: name srvsvc pnum=77a8 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 7372767376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a6788 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 7372767376632F313234 >[2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=135 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2176 > smt_wct=42 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=43008 (0xA800) > smb_vwv[ 3]= 375 (0x177) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_vwv[34]= 0 (0x0) > smb_vwv[35]= 0 (0x0) > smb_vwv[36]= 0 (0x0) > smb_vwv[37]= 0 (0x0) > smb_vwv[38]= 0 (0x0) > smb_vwv[39]= 0 (0x0) > smb_vwv[40]= 0 (0x0) > smb_vwv[41]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x88 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 35 of length 140 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2240 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30632 (0x77A8) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBwriteX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a8 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a8 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a8 name: srvsvc open: Yes len: 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 11 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) > api_pipe_bind_req: decode request. 1553 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_rb >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0008 num_contexts: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c context_id : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 000e num_transfer_syntaxes: 01 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00000f smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 data : 4b324fc8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 data : 1670 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 data : 01d3 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 data : 12 78 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a data : 5a 47 bf 6e e1 88 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 version: 00000003 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0028 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002c data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002e data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) > api_pipe_bind_req: make response. 1608 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) > check_bind_req for \PIPE\srvsvc > checking \PIPE\lsarpc > checking \PIPE\lsarpc > checking \PIPE\samr > checking \PIPE\NETLOGON > checking \PIPE\srvsvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_ba >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 000053f0 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000008 smb_io_rpc_addr_str >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 len: 000d >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000a str: \PIPE\srvsvc. >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000017 smb_io_rpc_results >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_results: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c result : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001e reason : 0000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 56 >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) > writeX-IPC pnum=77a8 nwritten=72 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2240 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 59 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x3b >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 36 of length 63 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2304 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30632 (0x77A8) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBreadX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a8 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a8 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a8 name: srvsvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) > read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) > readX-IPC pnum=77a8 min=1024 max=1024 nread=68 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2304 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 144 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x90 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 37 of length 148 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2368 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30632 (0x77A8) > smb_bcc=77 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... > [020] 00 24 00 00 00 00 00 15 00 00 00 02 00 08 00 00 .$...... ........ > [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p > [040] 00 70 00 65 00 6C 00 00 00 65 00 00 00 .p.e.l.. .e... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=60 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a8 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a8 (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "srvsvc" (pnum 77a8) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb95ab590 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a8 name: srvsvc open: Yes len: 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 00000024 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 0015 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 71 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRVSVC_NETSRVGETINFO >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[21].fn == 0xb7bcf550 > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > in: struct srvsvc_NetSrvGetInfo > server_unc : * > server_unc : '\\appel' > level : 0x00000065 (101) >[2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1041) > _srvsvc_NetSrvGetInfo: 1041 >[2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1117) > _srvsvc_NetSrvGetInfo: 1117 > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > out: struct srvsvc_NetSrvGetInfo > info : * > info : union srvsvc_NetSrvInfo(case 101) > info101 : * > info101: struct srvsvc_NetSrvInfo101 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'APPEL' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > server_type : 0x00809b23 (8428323) > 1: SV_TYPE_WORKSTATION > 1: SV_TYPE_SERVER > 0: SV_TYPE_SQLSERVER > 0: SV_TYPE_DOMAIN_CTRL > 0: SV_TYPE_DOMAIN_BAKCTRL > 1: SV_TYPE_TIME_SOURCE > 0: SV_TYPE_AFP > 0: SV_TYPE_NOVELL > 1: SV_TYPE_DOMAIN_MEMBER > 1: SV_TYPE_PRINTQ_SERVER > 0: SV_TYPE_DIALIN_SERVER > 1: SV_TYPE_SERVER_UNIX > 1: SV_TYPE_NT > 0: SV_TYPE_WFW > 0: SV_TYPE_SERVER_MFPN > 1: SV_TYPE_SERVER_NT > 0: SV_TYPE_POTENTIAL_BROWSER > 0: SV_TYPE_BACKUP_BROWSER > 0: SV_TYPE_MASTER_BROWSER > 0: SV_TYPE_DOMAIN_MASTER > 0: SV_TYPE_SERVER_OSF > 0: SV_TYPE_SERVER_VMS > 0: SV_TYPE_WIN95_PLUS > 1: SV_TYPE_DFS_SERVER > 0: SV_TYPE_ALTERNATE_XPORT > 0: SV_TYPE_LOCAL_LIST_ONLY > 0: SV_TYPE_DOMAIN_ENUM > comment : * > comment : 'Fedora 9 - Samba 3.2.0-17.fc9' > result : WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called srvsvc successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 24 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 44 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a8 name: srvsvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 132. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 009c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000084 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..156] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=212 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2368 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 156 (0x9C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 156 (0x9C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=157 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 9C 00 00 00 01 00 00 ........ ........ > [010] 00 84 00 00 00 00 00 00 00 65 00 00 00 00 00 02 ........ .e...... > [020] 00 F4 01 00 00 04 00 02 00 04 00 00 00 09 00 00 ........ ........ > [030] 00 23 9B 80 00 08 00 02 00 06 00 00 00 00 00 00 .#...... ........ > [040] 00 06 00 00 00 41 00 50 00 50 00 45 00 4C 00 00 .....A.P .P.E.L.. > [050] 00 1E 00 00 00 00 00 00 00 1E 00 00 00 46 00 65 ........ .....F.e > [060] 00 64 00 6F 00 72 00 61 00 20 00 39 00 20 00 2D .d.o.r.a . .9. .- > [070] 00 20 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 . .S.a.m .b.a. .3 > [080] 00 2E 00 32 00 2E 00 30 00 2D 00 31 00 37 00 2E ...2...0 .-.1.7.. > [090] 00 66 00 63 00 39 00 00 00 00 00 00 00 .f.c.9.. ..... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 41 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x29 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 38 of length 45 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2432 > smt_wct=3 > smb_vwv[ 0]=30632 (0x77A8) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBclose (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a8 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77a8 (pipes_open=1) >[2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) > reply_pipe_close: pnum:77a8 >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) > close_policy_by_pipe: deleted handle list for pipe srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) > closed pipe name srvsvc pnum=77a8 (pipes_open=0) >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 7372767376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab350 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 7372767376632F313234 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2432 > smt_wct=0 > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 100 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x64 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 39 of length 104 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2496 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 256 (0x100) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. > [010] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBntcreateX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc >[2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) > nt_open_pipe: Opening pipe \wkssvc. >[2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) > nt_open_pipe: Known pipe wkssvc opening. >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) > Open pipe requested wkssvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) > Create pipe requested wkssvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe wkssvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) > Created internal pipe wkssvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) > Opened pipe wkssvc with handle 77a9 (pipes_open=1) >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) > open pipes: name wkssvc pnum=77a9 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 776B737376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab140 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 776B737376632F313234 >[2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) > do_ntcreate_pipe_open: open pipe = \wkssvc >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=135 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2496 > smt_wct=42 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=43264 (0xA900) > smb_vwv[ 3]= 375 (0x177) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_vwv[34]= 0 (0x0) > smb_vwv[35]= 0 (0x0) > smb_vwv[36]= 0 (0x0) > smb_vwv[37]= 0 (0x0) > smb_vwv[38]= 0 (0x0) > smb_vwv[39]= 0 (0x0) > smb_vwv[40]= 0 (0x0) > smb_vwv[41]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x88 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 40 of length 140 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2560 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30633 (0x77A9) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 > [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBwriteX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a9 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a9 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a9 name: wkssvc open: Yes len: 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 11 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) > api_pipe_bind_req: decode request. 1553 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) > api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_rb >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0008 num_contexts: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c context_id : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 000e num_transfer_syntaxes: 01 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00000f smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 data : 6bffd098 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 data : a112 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 data : 3610 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 data : 98 33 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a data : 46 c3 f8 7e 34 5a >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 version: 00000001 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0028 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002c data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002e data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) > api_pipe_bind_req: make response. 1608 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) > check_bind_req for \PIPE\wkssvc > checking \PIPE\lsarpc > checking \PIPE\lsarpc > checking \PIPE\samr > checking \PIPE\NETLOGON > checking \PIPE\srvsvc > checking \PIPE\wkssvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_ba >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 000053f0 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000008 smb_io_rpc_addr_str >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 len: 000d >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000a str: \PIPE\wkssvc. >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000017 smb_io_rpc_results >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_results: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c result : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001e reason : 0000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 56 >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) > writeX-IPC pnum=77a9 nwritten=72 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2560 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 59 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x3b >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 41 of length 63 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2624 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30633 (0x77A9) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBreadX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a9 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a9 (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a9 name: wkssvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) > read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) > readX-IPC pnum=77a9 min=1024 max=1024 nread=68 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2624 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 00 wkssvc.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 144 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x90 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 42 of length 148 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2688 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30633 (0x77A9) > smb_bcc=77 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... > [020] 00 24 00 00 00 00 00 00 00 00 00 02 00 08 00 00 .$...... ........ > [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p > [040] 00 70 00 65 00 6C 00 00 00 64 00 00 00 .p.e.l.. .d... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=60 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a9 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a9 (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "wkssvc" (pnum 77a9) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb95aab90 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77a9 name: wkssvc open: Yes len: 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 00000024 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 0000 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 71 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[0].fn == 0xb7ba2020 > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\appel' > level : 0x00000064 (100) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'APPEL' > domain_name : * > domain_name : 'MACROSCOOP' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > result : WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called wkssvc successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 37 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 44 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77a9 name: wkssvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0074 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000005c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..116] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2688 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=117 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... > [010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... > [020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ > [030] 00 09 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ > [040] 00 41 00 50 00 50 00 45 00 4C 00 00 00 0B 00 00 .A.P.P.E .L...... > [050] 00 00 00 00 00 0B 00 00 00 4D 00 41 00 43 00 52 ........ .M.A.C.R > [060] 00 4F 00 53 00 43 00 4F 00 4F 00 50 00 00 00 00 .O.S.C.O .O.P.... > [070] 00 00 00 00 00 ..... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 41 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x29 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 43 of length 45 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2752 > smt_wct=3 > smb_vwv[ 0]=30633 (0x77A9) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBclose (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77a9 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name wkssvc pnum=77a9 (pipes_open=1) >[2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) > reply_pipe_close: pnum:77a9 >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) > close_policy_by_pipe: deleted handle list for pipe wkssvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) > closed pipe name wkssvc pnum=77a9 (pipes_open=0) >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 776B737376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab350 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 776B737376632F313234 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2752 > smt_wct=0 > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 100 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x64 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 44 of length 104 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2816 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=17 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. > [010] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBntcreateX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc >[2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) > nt_open_pipe: Opening pipe \srvsvc. >[2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) > nt_open_pipe: Known pipe srvsvc opening. >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) > Open pipe requested srvsvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) > Create pipe requested srvsvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe srvsvc >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) > Created internal pipe srvsvc (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) > Opened pipe srvsvc with handle 77aa (pipes_open=1) >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) > open pipes: name srvsvc pnum=77aa >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 7372767376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a2aa8 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 7372767376632F313234 >[2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) > do_ntcreate_pipe_open: open pipe = \srvsvc >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=135 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=2816 > smt_wct=42 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=43520 (0xAA00) > smb_vwv[ 3]= 375 (0x177) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_vwv[34]= 0 (0x0) > smb_vwv[35]= 0 (0x0) > smb_vwv[36]= 0 (0x0) > smb_vwv[37]= 0 (0x0) > smb_vwv[38]= 0 (0x0) > smb_vwv[39]= 0 (0x0) > smb_vwv[40]= 0 (0x0) > smb_vwv[41]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x88 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 45 of length 140 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2880 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30634 (0x77AA) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. > [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBwriteX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77aa >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77aa (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77aa name: srvsvc open: Yes len: 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 11 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) > api_pipe_bind_req: decode request. 1553 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) > api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_rb >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0008 num_contexts: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c context_id : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 000e num_transfer_syntaxes: 01 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00000f smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 data : 4b324fc8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 data : 1670 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 data : 01d3 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 data : 12 78 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a data : 5a 47 bf 6e e1 88 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 version: 00000003 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0028 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002c data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002e data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) > api_pipe_bind_req: make response. 1608 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) > check_bind_req for \PIPE\srvsvc > checking \PIPE\lsarpc > checking \PIPE\lsarpc > checking \PIPE\samr > checking \PIPE\NETLOGON > checking \PIPE\srvsvc >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_ba >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 000053f0 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000008 smb_io_rpc_addr_str >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 len: 000d >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000a str: \PIPE\srvsvc. >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000017 smb_io_rpc_results >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_results: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c result : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001e reason : 0000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 56 >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) > writeX-IPC pnum=77aa nwritten=72 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2880 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 59 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x3b >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 46 of length 63 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2944 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30634 (0x77AA) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBreadX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77aa >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77aa (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77aa name: srvsvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) > read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) > readX-IPC pnum=77aa min=1024 max=1024 nread=68 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2944 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 144 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x90 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 47 of length 148 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=3008 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30634 (0x77AA) > smb_bcc=77 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 01 00 00 ........ .<...... > [020] 00 24 00 00 00 00 00 15 00 00 00 02 00 08 00 00 .$...... ........ > [030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 61 00 70 ........ .\.\.a.p > [040] 00 70 00 65 00 6C 00 00 00 65 00 00 00 .p.e.l.. .e... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=60 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77aa >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77aa (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "srvsvc" (pnum 77aa) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb952de20 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77aa name: srvsvc open: Yes len: 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 00000024 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 0015 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 71 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRVSVC_NETSRVGETINFO >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[21].fn == 0xb7bcf550 > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > in: struct srvsvc_NetSrvGetInfo > server_unc : * > server_unc : '\\appel' > level : 0x00000065 (101) >[2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1041) > _srvsvc_NetSrvGetInfo: 1041 >[2008/07/16 17:09:17, 5] rpc_server/srv_srvsvc_nt.c:_srvsvc_NetSrvGetInfo(1117) > _srvsvc_NetSrvGetInfo: 1117 > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > out: struct srvsvc_NetSrvGetInfo > info : * > info : union srvsvc_NetSrvInfo(case 101) > info101 : * > info101: struct srvsvc_NetSrvInfo101 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'APPEL' > version_major : 0x00000004 (4) > version_minor : 0x00000009 (9) > server_type : 0x00809b23 (8428323) > 1: SV_TYPE_WORKSTATION > 1: SV_TYPE_SERVER > 0: SV_TYPE_SQLSERVER > 0: SV_TYPE_DOMAIN_CTRL > 0: SV_TYPE_DOMAIN_BAKCTRL > 1: SV_TYPE_TIME_SOURCE > 0: SV_TYPE_AFP > 0: SV_TYPE_NOVELL > 1: SV_TYPE_DOMAIN_MEMBER > 1: SV_TYPE_PRINTQ_SERVER > 0: SV_TYPE_DIALIN_SERVER > 1: SV_TYPE_SERVER_UNIX > 1: SV_TYPE_NT > 0: SV_TYPE_WFW > 0: SV_TYPE_SERVER_MFPN > 1: SV_TYPE_SERVER_NT > 0: SV_TYPE_POTENTIAL_BROWSER > 0: SV_TYPE_BACKUP_BROWSER > 0: SV_TYPE_MASTER_BROWSER > 0: SV_TYPE_DOMAIN_MASTER > 0: SV_TYPE_SERVER_OSF > 0: SV_TYPE_SERVER_VMS > 0: SV_TYPE_WIN95_PLUS > 1: SV_TYPE_DFS_SERVER > 0: SV_TYPE_ALTERNATE_XPORT > 0: SV_TYPE_LOCAL_LIST_ONLY > 0: SV_TYPE_DOMAIN_ENUM > comment : * > comment : 'Fedora 9 - Samba 3.2.0-17.fc9' > result : WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called srvsvc successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 24 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 44 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77aa name: srvsvc len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 132. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 009c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000084 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..156] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=212 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=3008 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 156 (0x9C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 156 (0x9C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=157 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 9C 00 00 00 01 00 00 ........ ........ > [010] 00 84 00 00 00 00 00 00 00 65 00 00 00 00 00 02 ........ .e...... > [020] 00 F4 01 00 00 04 00 02 00 04 00 00 00 09 00 00 ........ ........ > [030] 00 23 9B 80 00 08 00 02 00 06 00 00 00 00 00 00 .#...... ........ > [040] 00 06 00 00 00 41 00 50 00 50 00 45 00 4C 00 00 .....A.P .P.E.L.. > [050] 00 1E 00 00 00 00 00 00 00 1E 00 00 00 46 00 65 ........ .....F.e > [060] 00 64 00 6F 00 72 00 61 00 20 00 39 00 20 00 2D .d.o.r.a . .9. .- > [070] 00 20 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 . .S.a.m .b.a. .3 > [080] 00 2E 00 32 00 2E 00 30 00 2D 00 31 00 37 00 2E ...2...0 .-.1.7.. > [090] 00 66 00 63 00 39 00 00 00 00 00 00 00 .f.c.9.. ..... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 41 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x29 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 48 of length 45 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=3072 > smt_wct=3 > smb_vwv[ 0]=30634 (0x77AA) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBclose (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77aa >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name srvsvc pnum=77aa (pipes_open=1) >[2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) > reply_pipe_close: pnum:77aa >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) > close_policy_by_pipe: deleted handle list for pipe srvsvc >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) > closed pipe name srvsvc pnum=77aa (pipes_open=0) >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 7372767376632F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab350 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 7372767376632F313234 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=3072 > smt_wct=0 > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 100 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x64 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 49 of length 104 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=3136 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. > [010] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBntcreateX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = winreg >[2008/07/16 17:09:17, 4] smbd/nttrans.c:nt_open_pipe(297) > nt_open_pipe: Opening pipe \winreg. >[2008/07/16 17:09:17, 3] smbd/nttrans.c:nt_open_pipe(322) > nt_open_pipe: Known pipe winreg opening. >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) > Open pipe requested winreg (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) > Create pipe requested winreg >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe winreg >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe winreg >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) > Created internal pipe winreg (pipes_open=0) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) > Opened pipe winreg with handle 77ab (pipes_open=1) >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) > open pipes: name winreg pnum=77ab >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 77696E7265672F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95a97e8 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 77696E7265672F313234 >[2008/07/16 17:09:17, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) > do_ntcreate_pipe_open: open pipe = \winreg >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=135 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=3136 > smt_wct=42 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=43776 (0xAB00) > smb_vwv[ 3]= 375 (0x177) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_vwv[34]= 0 (0x0) > smb_vwv[35]= 0 (0x0) > smb_vwv[36]= 0 (0x0) > smb_vwv[37]= 0 (0x0) > smb_vwv[38]= 0 (0x0) > smb_vwv[39]= 0 (0x0) > smb_vwv[40]= 0 (0x0) > smb_vwv[41]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:17, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x88 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 50 of length 140 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=3200 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30635 (0x77AB) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. > [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBwriteX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (150122, 150004) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(470) > NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 > contains 17 SIDs > SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 > SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 > SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 > SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 > SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 > SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 > SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 > SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 > SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 > SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 > SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 > SID[ 15]: S-1-5-32-545 > SID[ 16]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 150122 > Primary group is 150004 and contains 13 supplementary groups > Group[ 0]: 150000 > Group[ 1]: 150004 > Group[ 2]: 150009 > Group[ 3]: 150152 > Group[ 4]: 150005 > Group[ 5]: 150189 > Group[ 6]: 150153 > Group[ 7]: 150154 > Group[ 8]: 150188 > Group[ 9]: 150006 > Group[ 10]: 150007 > Group[ 11]: 150257 > Group[ 12]: 150256 >[2008/07/16 17:09:17, 5] smbd/uid.c:change_to_user(272) > change_to_user uid=(150122,150122) gid=(0,150004) >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77ab >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name winreg pnum=77ab (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77ab name: winreg open: Yes len: 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 11 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) > api_pipe_bind_req: decode request. 1553 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_rb >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 00000000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0008 num_contexts: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c context_id : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 000e num_transfer_syntaxes: 01 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00000f smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 data : 338cd001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 data : 2244 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 data : 31f1 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 data : aa aa >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a data : 90 00 38 00 10 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 version: 00000001 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0028 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002c data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002e data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) > api_pipe_bind_req: make response. 1608 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe.c:check_bind_req(991) > check_bind_req for \PIPE\winreg > checking \PIPE\lsarpc > checking \PIPE\lsarpc > checking \PIPE\samr > checking \PIPE\NETLOGON > checking \PIPE\srvsvc > checking \PIPE\wkssvc > checking \PIPE\winreg >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_ba >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_bba >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0000 max_tsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0002 max_rsize: 10b8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 assoc_gid: 000053f0 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000008 smb_io_rpc_addr_str >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 len: 000d >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 000a str: \PIPE\winreg. >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000017 smb_io_rpc_results >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_results: 01 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c result : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001e reason : 0000 >[2008/07/16 17:09:17, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_rpc_iface >[2008/07/16 17:09:17, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 8a885d04 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1ceb >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11c9 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9f e8 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 08 00 2b 10 48 60 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 56 >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251) > writeX-IPC pnum=77ab nwritten=72 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=3200 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 59 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x3b >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 51 of length 63 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=3264 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30635 (0x77AB) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBreadX (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77ab >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name winreg pnum=77ab (pipes_open=1) >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77ab name: winreg len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) > read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/07/16 17:09:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301) > readX-IPC pnum=77ab min=1024 max=1024 nread=68 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=3264 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 120 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x78 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 52 of length 124 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=3328 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30635 (0x77AB) > smb_bcc=53 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [020] 00 0C 00 00 00 00 00 02 00 00 00 02 00 C0 51 01 ........ ......Q. > [030] 00 00 00 00 02 ..... >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=36 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77ab >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name winreg pnum=77ab (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "winreg" (pnum 77ab) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb953eeb0 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77ab name: winreg open: Yes len: 36 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 36 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 20 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0024 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 20 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 0000000c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 0002 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 71 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\winreg >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: WINREG_OPENHKLM >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[2].fn == 0xb7b9ba50 > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : * > system_name : 0x51c0 (20928) > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2008/07/16 17:09:17, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [HKLM] >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:push_sec_ctx(224) > push_sec_ctx(150122, 150004) : sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:17, 3] smbd/uid.c:push_conn_ctx(357) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:17, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432) > pop_sec_ctx (150122, 150004) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_open(409) > regdb_open: refcount reset (1) >[2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM] >[2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM] >[2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM] >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x02000000, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. >[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 > se_access_check: also S-1-5-32-545 > se_access_check: also S-1-5-32-544 >[2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) > Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. > [010] BF 30 00 00 .0.. > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-7e48-1d0fbf300000 > result : WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called winreg successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 20 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77ab name: winreg len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=3328 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 7E 48 1D 0F BF 30 00 00 00 00 00 .....~H. ..0..... > [030] 00 . >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 228 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0xe4 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 53 of length 232 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=228 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=3392 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 144 (0x90) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 144 (0x90) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30635 (0x77AB) > smb_bcc=161 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 90 00 00 00 02 00 00 ........ ........ > [020] 00 78 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 .x...... ........ > [030] 00 00 00 00 00 7E 48 1D 0F BF 30 00 00 46 00 46 .....~H. ..0..F.F > [040] 00 00 00 02 00 23 00 00 00 00 00 00 00 23 00 00 .....#.. .....#.. > [050] 00 53 00 4F 00 46 00 54 00 57 00 41 00 52 00 45 .S.O.F.T .W.A.R.E > [060] 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F .\.M.i.c .r.o.s.o > [070] 00 66 00 74 00 5C 00 53 00 63 00 68 00 65 00 64 .f.t.\.S .c.h.e.d > [080] 00 75 00 6C 00 69 00 6E 00 67 00 41 00 67 00 65 .u.l.i.n .g.A.g.e > [090] 00 6E 00 74 00 00 00 9C B2 00 00 00 00 19 00 02 .n.t.... ........ > [0A0] 00 . >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=144 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77ab >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name winreg pnum=77ab (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "winreg" (pnum 77ab) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb953eeb0 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77ab name: winreg open: Yes len: 144 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 144 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 144 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 144, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 128 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 128 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0090 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 128 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 128, incoming data = 128 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 00000078 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 000f >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 0 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\winreg >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: WINREG_OPENKEY >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[15].fn == 0xb7b99fd0 > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-7e48-1d0fbf300000 > keyname: struct winreg_String > name_len : 0x0046 (70) > name_size : 0x0046 (70) > name : * > name : 'SOFTWARE\Microsoft\SchedulingAgent' > unknown : 0x00000000 (0) > access_mask : 0x00020019 (131097) > 1: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 1: KEY_ENUMERATE_SUB_KEYS > 1: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. > [010] BF 30 00 00 .0.. >[2008/07/16 17:09:17, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SOFTWARE] >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (1) >[2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SOFTWARE] >[2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SOFTWARE] >[2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SOFTWARE] >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. >[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 > se_access_check: also S-1-5-32-545 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:17, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:17, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [Microsoft] >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SOFTWARE/Microsoft] >[2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SOFTWARE/Microsoft] >[2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SOFTWARE/Microsoft] >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2008/07/16 17:09:17, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000008, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. >[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:17, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 > se_access_check: also S-1-5-32-545 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 >[2008/07/16 17:09:17, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (8) granted. >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:17, 7] registry/reg_api.c:regkey_open_onelevel(132) > regkey_open_onelevel: name = [SchedulingAgent] >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_open(391) > regdb_open: incrementing refcount (2) >[2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(125) > reghook_cache_find: Searching for keyname [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] >[2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(352) > pathtree_find: Enter [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] >[2008/07/16 17:09:17, 10] lib/adt_tree.c:pathtree_find(425) > pathtree_find: Exit >[2008/07/16 17:09:17, 10] registry/reg_cachehook.c:reghook_cache_find(130) > reghook_cache_find: found ops 0xb8017aa0 for key [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] >[2008/07/16 17:09:17, 5] registry/reg_backend_db.c:regdb_fetch_keys(752) > regdb_fetch_keys: tdb lookup failed to locate key [HKLM\SOFTWARE\Microsoft\SchedulingAgent] >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (2) >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (1) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_BADFILE >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called winreg successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 128 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77ab name: winreg len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=3392 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 . >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 128 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x80 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 54 of length 132 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=3456 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30635 (0x77AB) > smb_bcc=61 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 00 00 00 00 7E 48 1D 0F BF 30 00 00 .....~H. ..0.. >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBtrans (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 3] smbd/ipc.c:handle_trans(436) > trans <\PIPE\> data=44 params=0 setup=2 >[2008/07/16 17:09:17, 5] smbd/ipc.c:handle_trans(469) > calling named_pipe >[2008/07/16 17:09:17, 3] smbd/ipc.c:named_pipe(387) > named pipe command on <> name >[2008/07/16 17:09:17, 5] smbd/ipc.c:api_fd_reply(307) > api_fd_reply >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77ab >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name winreg pnum=77ab (pipes_open=1) >[2008/07/16 17:09:17, 3] smbd/ipc.c:api_fd_reply(345) > Got API command 0x26 on pipe "winreg" (pnum 77ab) >[2008/07/16 17:09:17, 10] smbd/ipc.c:api_fd_reply(350) > api_fd_reply: p:0xb953eeb0 max_trans_reply: 1024 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) > write_to_pipe: 77ab name: winreg open: Yes len: 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 16 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 28 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002c >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) > unmarshall_rpc_header: using little-endian RPC >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) > write_to_pipe: data_left = 28 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) > process_complete_pdu: processing packet type 0 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr_req req >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 alloc_hint: 00000014 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0006 opnum : 0005 >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 0 >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) > Requested \PIPE\winreg >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: WINREG_CLOSEKEY >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) > api_rpc_cmds[5].fn == 0xb7b9b410 > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-7e48-1d0fbf300000 >[2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. > [010] BF 30 00 00 .0.. >[2008/07/16 17:09:17, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7E 48 1D 0F ........ ....~H.. > [010] BF 30 00 00 .0.. >[2008/07/16 17:09:17, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) > Closed policy >[2008/07/16 17:09:17, 10] registry/reg_backend_db.c:regdb_close(425) > regdb_close: decrementing refcount (0) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) > api_rpcTNP: called winreg successfully >[2008/07/16 17:09:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) > free_pipe_context: destroying talloc pool of size 0 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) > write_to_pipe: data_used = 28 >[2008/07/16 17:09:17, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) > read_from_pipe: 77ab name: winreg len: 1024 >[2008/07/16 17:09:17, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp resp >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/07/16 17:09:17, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/07/16 17:09:17, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1560 > smb_uid=101 > smb_mid=3456 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/07/16 17:09:17, 10] lib/util.c:dump_data(2226) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2008/07/16 17:09:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 41 >[2008/07/16 17:09:17, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x29 >[2008/07/16 17:09:17, 3] smbd/process.c:process_smb(1549) > Transaction 55 of length 45 (0 toread) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=3520 > smt_wct=3 > smb_vwv[ 0]=30635 (0x77AB) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/07/16 17:09:17, 3] smbd/process.c:switch_message(1361) > switch message SMBclose (pid 12479) conn 0xb95b2090 >[2008/07/16 17:09:17, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) > search for pipe pnum=77ab >[2008/07/16 17:09:17, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) > pipe name winreg pnum=77ab (pipes_open=1) >[2008/07/16 17:09:17, 5] smbd/pipes.c:reply_pipe_close(319) > reply_pipe_close: pnum:77ab >[2008/07/16 17:09:17, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) > close_policy_by_pipe: deleted handle list for pipe winreg >[2008/07/16 17:09:17, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) > closed pipe name winreg pnum=77ab (pipes_open=0) >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 77696E7265672F313234 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95ab350 >[2008/07/16 17:09:17, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 77696E7265672F313234 >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:17, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=3520 > smt_wct=0 > smb_bcc=0 >[2008/07/16 17:09:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 84 >[2008/07/16 17:09:18, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x54 >[2008/07/16 17:09:18, 3] smbd/process.c:process_smb(1549) > Transaction 56 of length 88 (0 toread) >[2008/07/16 17:09:18, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:18, 5] lib/util.c:show_msg(655) > size=84 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=3584 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 84 (0x54) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=41 >[2008/07/16 17:09:18, 10] lib/util.c:dump_data(2226) > [000] 00 5C 00 5C 00 41 00 50 00 50 00 45 00 4C 00 5C .\.\.A.P .P.E.L.\ > [010] 00 5A 00 45 00 54 00 41 00 48 00 41 00 43 00 4B .Z.E.T.A .H.A.C.K > [020] 00 00 00 3F 3F 3F 3F 3F 00 ...????? . >[2008/07/16 17:09:18, 3] smbd/process.c:switch_message(1361) > switch message SMBtconX (pid 12479) conn 0x0 >[2008/07/16 17:09:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:18, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:18, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:18, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:18, 4] smbd/reply.c:reply_tcon_and_X(653) > Client requested device type [?????] for share [ZETAHACK] >[2008/07/16 17:09:18, 5] smbd/service.c:make_connection(1376) > making a connection to 'normal' service zetahack >[2008/07/16 17:09:18, 10] smbd/share_access.c:user_ok_token(231) > user_ok_token: share zetahack is ok for unix user MACROSCOOP\pim >[2008/07/16 17:09:18, 5] lib/username.c:Get_Pwnam_alloc(133) > Finding user MACROSCOOP\pim >[2008/07/16 17:09:18, 5] lib/username.c:Get_Pwnam_internals(77) > Trying _Get_Pwnam(), username as lowercase is macroscoop\pim >[2008/07/16 17:09:18, 5] lib/username.c:Get_Pwnam_internals(110) > Get_Pwnam_internals did find user [MACROSCOOP\pim]! >[2008/07/16 17:09:18, 10] smbd/service.c:set_conn_connectpath(157) > set_conn_connectpath: service zetahack, connectpath = /var/spool/samba >[2008/07/16 17:09:18, 3] smbd/service.c:make_connection_snum(936) > Connect path is '/var/spool/samba' for service [zetahack] >[2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_map_generic(175) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000002, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. >[2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 > se_access_check: also S-1-5-32-545 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2008/07/16 17:09:18, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (2) granted. >[2008/07/16 17:09:18, 3] smbd/vfs.c:vfs_init_default(96) > Initialising default vfs hooks >[2008/07/16 17:09:18, 3] smbd/vfs.c:vfs_init_custom(130) > Initialising custom vfs hooks from [/[Default VFS]/] >[2008/07/16 17:09:18, 10] smbd/vfs.c:vfs_find_backend_entry(48) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #0 (type 0, layer 0) > Making operation type 0 opaque [module /[Default VFS]/] > Accepting operation type 0 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #1 (type 1, layer 0) > Making operation type 1 opaque [module /[Default VFS]/] > Accepting operation type 1 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #2 (type 2, layer 0) > Making operation type 2 opaque [module /[Default VFS]/] > Accepting operation type 2 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #3 (type 3, layer 0) > Making operation type 3 opaque [module /[Default VFS]/] > Accepting operation type 3 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #4 (type 4, layer 0) > Making operation type 4 opaque [module /[Default VFS]/] > Accepting operation type 4 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #5 (type 5, layer 0) > Making operation type 5 opaque [module /[Default VFS]/] > Accepting operation type 5 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #6 (type 6, layer 0) > Making operation type 6 opaque [module /[Default VFS]/] > Accepting operation type 6 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #7 (type 7, layer 0) > Making operation type 7 opaque [module /[Default VFS]/] > Accepting operation type 7 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #8 (type 8, layer 0) > Making operation type 8 opaque [module /[Default VFS]/] > Accepting operation type 8 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #9 (type 9, layer 0) > Making operation type 9 opaque [module /[Default VFS]/] > Accepting operation type 9 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #10 (type 10, layer 0) > Making operation type 10 opaque [module /[Default VFS]/] > Accepting operation type 10 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #11 (type 11, layer 0) > Making operation type 11 opaque [module /[Default VFS]/] > Accepting operation type 11 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #12 (type 12, layer 0) > Making operation type 12 opaque [module /[Default VFS]/] > Accepting operation type 12 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #13 (type 13, layer 0) > Making operation type 13 opaque [module /[Default VFS]/] > Accepting operation type 13 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #14 (type 14, layer 0) > Making operation type 14 opaque [module /[Default VFS]/] > Accepting operation type 14 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #15 (type 15, layer 0) > Making operation type 15 opaque [module /[Default VFS]/] > Accepting operation type 15 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #16 (type 16, layer 0) > Making operation type 16 opaque [module /[Default VFS]/] > Accepting operation type 16 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #17 (type 17, layer 0) > Making operation type 17 opaque [module /[Default VFS]/] > Accepting operation type 17 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #18 (type 18, layer 0) > Making operation type 18 opaque [module /[Default VFS]/] > Accepting operation type 18 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #19 (type 19, layer 0) > Making operation type 19 opaque [module /[Default VFS]/] > Accepting operation type 19 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #20 (type 20, layer 0) > Making operation type 20 opaque [module /[Default VFS]/] > Accepting operation type 20 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #21 (type 21, layer 0) > Making operation type 21 opaque [module /[Default VFS]/] > Accepting operation type 21 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #22 (type 22, layer 0) > Making operation type 22 opaque [module /[Default VFS]/] > Accepting operation type 22 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #23 (type 23, layer 0) > Making operation type 23 opaque [module /[Default VFS]/] > Accepting operation type 23 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #24 (type 24, layer 0) > Making operation type 24 opaque [module /[Default VFS]/] > Accepting operation type 24 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #25 (type 25, layer 0) > Making operation type 25 opaque [module /[Default VFS]/] > Accepting operation type 25 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #26 (type 26, layer 0) > Making operation type 26 opaque [module /[Default VFS]/] > Accepting operation type 26 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #27 (type 27, layer 0) > Making operation type 27 opaque [module /[Default VFS]/] > Accepting operation type 27 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #28 (type 28, layer 0) > Making operation type 28 opaque [module /[Default VFS]/] > Accepting operation type 28 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #29 (type 29, layer 0) > Making operation type 29 opaque [module /[Default VFS]/] > Accepting operation type 29 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #30 (type 30, layer 0) > Making operation type 30 opaque [module /[Default VFS]/] > Accepting operation type 30 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #31 (type 31, layer 0) > Making operation type 31 opaque [module /[Default VFS]/] > Accepting operation type 31 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #32 (type 32, layer 0) > Making operation type 32 opaque [module /[Default VFS]/] > Accepting operation type 32 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #33 (type 33, layer 0) > Making operation type 33 opaque [module /[Default VFS]/] > Accepting operation type 33 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #34 (type 34, layer 0) > Making operation type 34 opaque [module /[Default VFS]/] > Accepting operation type 34 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #35 (type 35, layer 0) > Making operation type 35 opaque [module /[Default VFS]/] > Accepting operation type 35 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #36 (type 36, layer 0) > Making operation type 36 opaque [module /[Default VFS]/] > Accepting operation type 36 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #37 (type 37, layer 0) > Making operation type 37 opaque [module /[Default VFS]/] > Accepting operation type 37 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #38 (type 38, layer 0) > Making operation type 38 opaque [module /[Default VFS]/] > Accepting operation type 38 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #39 (type 39, layer 0) > Making operation type 39 opaque [module /[Default VFS]/] > Accepting operation type 39 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #40 (type 40, layer 0) > Making operation type 40 opaque [module /[Default VFS]/] > Accepting operation type 40 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #41 (type 41, layer 0) > Making operation type 41 opaque [module /[Default VFS]/] > Accepting operation type 41 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #42 (type 42, layer 0) > Making operation type 42 opaque [module /[Default VFS]/] > Accepting operation type 42 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #43 (type 43, layer 0) > Making operation type 43 opaque [module /[Default VFS]/] > Accepting operation type 43 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #44 (type 44, layer 0) > Making operation type 44 opaque [module /[Default VFS]/] > Accepting operation type 44 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #45 (type 45, layer 0) > Making operation type 45 opaque [module /[Default VFS]/] > Accepting operation type 45 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #46 (type 46, layer 0) > Making operation type 46 opaque [module /[Default VFS]/] > Accepting operation type 46 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #47 (type 47, layer 0) > Making operation type 47 opaque [module /[Default VFS]/] > Accepting operation type 47 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #48 (type 48, layer 0) > Making operation type 48 opaque [module /[Default VFS]/] > Accepting operation type 48 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #49 (type 49, layer 0) > Making operation type 49 opaque [module /[Default VFS]/] > Accepting operation type 49 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #50 (type 50, layer 0) > Making operation type 50 opaque [module /[Default VFS]/] > Accepting operation type 50 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #51 (type 51, layer 0) > Making operation type 51 opaque [module /[Default VFS]/] > Accepting operation type 51 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #52 (type 52, layer 0) > Making operation type 52 opaque [module /[Default VFS]/] > Accepting operation type 52 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #53 (type 53, layer 0) > Making operation type 53 opaque [module /[Default VFS]/] > Accepting operation type 53 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #54 (type 54, layer 0) > Making operation type 54 opaque [module /[Default VFS]/] > Accepting operation type 54 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #55 (type 55, layer 0) > Making operation type 55 opaque [module /[Default VFS]/] > Accepting operation type 55 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #56 (type 56, layer 0) > Making operation type 56 opaque [module /[Default VFS]/] > Accepting operation type 56 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #57 (type 57, layer 0) > Making operation type 57 opaque [module /[Default VFS]/] > Accepting operation type 57 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #58 (type 58, layer 0) > Making operation type 58 opaque [module /[Default VFS]/] > Accepting operation type 58 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #59 (type 59, layer 0) > Making operation type 59 opaque [module /[Default VFS]/] > Accepting operation type 59 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #60 (type 60, layer 0) > Making operation type 60 opaque [module /[Default VFS]/] > Accepting operation type 60 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #61 (type 61, layer 0) > Making operation type 61 opaque [module /[Default VFS]/] > Accepting operation type 61 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #62 (type 62, layer 0) > Making operation type 62 opaque [module /[Default VFS]/] > Accepting operation type 62 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #63 (type 63, layer 0) > Making operation type 63 opaque [module /[Default VFS]/] > Accepting operation type 63 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #64 (type 64, layer 0) > Making operation type 64 opaque [module /[Default VFS]/] > Accepting operation type 64 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #65 (type 65, layer 0) > Making operation type 65 opaque [module /[Default VFS]/] > Accepting operation type 65 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #66 (type 66, layer 0) > Making operation type 66 opaque [module /[Default VFS]/] > Accepting operation type 66 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #67 (type 67, layer 0) > Making operation type 67 opaque [module /[Default VFS]/] > Accepting operation type 67 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #68 (type 68, layer 0) > Making operation type 68 opaque [module /[Default VFS]/] > Accepting operation type 68 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #69 (type 69, layer 0) > Making operation type 69 opaque [module /[Default VFS]/] > Accepting operation type 69 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #70 (type 70, layer 0) > Making operation type 70 opaque [module /[Default VFS]/] > Accepting operation type 70 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #71 (type 71, layer 0) > Making operation type 71 opaque [module /[Default VFS]/] > Accepting operation type 71 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #72 (type 72, layer 0) > Making operation type 72 opaque [module /[Default VFS]/] > Accepting operation type 72 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #73 (type 73, layer 0) > Making operation type 73 opaque [module /[Default VFS]/] > Accepting operation type 73 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #74 (type 74, layer 0) > Making operation type 74 opaque [module /[Default VFS]/] > Accepting operation type 74 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #75 (type 75, layer 0) > Making operation type 75 opaque [module /[Default VFS]/] > Accepting operation type 75 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #76 (type 76, layer 0) > Making operation type 76 opaque [module /[Default VFS]/] > Accepting operation type 76 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #77 (type 77, layer 0) > Making operation type 77 opaque [module /[Default VFS]/] > Accepting operation type 77 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #78 (type 78, layer 0) > Making operation type 78 opaque [module /[Default VFS]/] > Accepting operation type 78 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #79 (type 79, layer 0) > Making operation type 79 opaque [module /[Default VFS]/] > Accepting operation type 79 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #80 (type 80, layer 0) > Making operation type 80 opaque [module /[Default VFS]/] > Accepting operation type 80 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #81 (type 81, layer 0) > Making operation type 81 opaque [module /[Default VFS]/] > Accepting operation type 81 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #82 (type 82, layer 0) > Making operation type 82 opaque [module /[Default VFS]/] > Accepting operation type 82 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #83 (type 83, layer 0) > Making operation type 83 opaque [module /[Default VFS]/] > Accepting operation type 83 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #84 (type 84, layer 0) > Making operation type 84 opaque [module /[Default VFS]/] > Accepting operation type 84 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #85 (type 85, layer 0) > Making operation type 85 opaque [module /[Default VFS]/] > Accepting operation type 85 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #86 (type 86, layer 0) > Making operation type 86 opaque [module /[Default VFS]/] > Accepting operation type 86 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #87 (type 87, layer 0) > Making operation type 87 opaque [module /[Default VFS]/] > Accepting operation type 87 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #88 (type 88, layer 0) > Making operation type 88 opaque [module /[Default VFS]/] > Accepting operation type 88 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #89 (type 89, layer 0) > Making operation type 89 opaque [module /[Default VFS]/] > Accepting operation type 89 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #90 (type 90, layer 0) > Making operation type 90 opaque [module /[Default VFS]/] > Accepting operation type 90 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #91 (type 91, layer 0) > Making operation type 91 opaque [module /[Default VFS]/] > Accepting operation type 91 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #92 (type 92, layer 0) > Making operation type 92 opaque [module /[Default VFS]/] > Accepting operation type 92 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #93 (type 93, layer 0) > Making operation type 93 opaque [module /[Default VFS]/] > Accepting operation type 93 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #94 (type 94, layer 0) > Making operation type 94 opaque [module /[Default VFS]/] > Accepting operation type 94 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #95 (type 95, layer 0) > Making operation type 95 opaque [module /[Default VFS]/] > Accepting operation type 95 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #96 (type 96, layer 0) > Making operation type 96 opaque [module /[Default VFS]/] > Accepting operation type 96 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #97 (type 97, layer 0) > Making operation type 97 opaque [module /[Default VFS]/] > Accepting operation type 97 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #98 (type 98, layer 0) > Making operation type 98 opaque [module /[Default VFS]/] > Accepting operation type 98 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #99 (type 99, layer 0) > Making operation type 99 opaque [module /[Default VFS]/] > Accepting operation type 99 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #100 (type 100, layer 0) > Making operation type 100 opaque [module /[Default VFS]/] > Accepting operation type 100 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #101 (type 101, layer 0) > Making operation type 101 opaque [module /[Default VFS]/] > Accepting operation type 101 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/vfs.c:vfs_init_custom(193) > Checking operation #102 (type 102, layer 0) > Making operation type 102 opaque [module /[Default VFS]/] > Accepting operation type 102 from module /[Default VFS]/ >[2008/07/16 17:09:18, 5] smbd/connection.c:claim_connection(142) > claiming [zetahack] >[2008/07/16 17:09:18, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key BF300000020000007A65 >[2008/07/16 17:09:18, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95aff60 >[2008/07/16 17:09:18, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key BF300000020000007A65 >[2008/07/16 17:09:18, 10] smbd/share_access.c:user_ok_token(231) > user_ok_token: share zetahack is ok for unix user MACROSCOOP\pim >[2008/07/16 17:09:18, 10] smbd/share_access.c:is_share_read_only_for_token(273) > is_share_read_only_for_user: share zetahack is read-write for unix user MACROSCOOP\pim >[2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_map_generic(175) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000002, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. >[2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 > se_access_check: also S-1-5-32-545 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2008/07/16 17:09:18, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (2) granted. >[2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_map_generic(175) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2008/07/16 17:09:18, 10] lib/util_seaccess.c:se_access_check(232) > se_access_check: requested access 0x00000002, for NT token with 17 entries and first sid S-1-5-21-995976282-251809560-1267956476-1005. >[2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(249) >[2008/07/16 17:09:18, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-995976282-251809560-1267956476-1005 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-512 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1915 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3472 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1209 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3497 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3475 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3471 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3485 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-1165 > se_access_check: also S-1-5-21-995976282-251809560-1267956476-3429 > se_access_check: also S-1-5-32-545 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2008/07/16 17:09:18, 5] lib/util_seaccess.c:se_access_check(310) > se_access_check: access (2) granted. >[2008/07/16 17:09:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (150122, 150004) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:18, 5] auth/token_util.c:debug_nt_user_token(470) > NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 > contains 17 SIDs > SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 > SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 > SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 > SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 > SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 > SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 > SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 > SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 > SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 > SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 > SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 > SID[ 15]: S-1-5-32-545 > SID[ 16]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2008/07/16 17:09:18, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 150122 > Primary group is 150004 and contains 13 supplementary groups > Group[ 0]: 150000 > Group[ 1]: 150004 > Group[ 2]: 150009 > Group[ 3]: 150152 > Group[ 4]: 150005 > Group[ 5]: 150189 > Group[ 6]: 150153 > Group[ 7]: 150154 > Group[ 8]: 150188 > Group[ 9]: 150006 > Group[ 10]: 150007 > Group[ 11]: 150257 > Group[ 12]: 150256 >[2008/07/16 17:09:18, 5] smbd/uid.c:change_to_user(272) > change_to_user uid=(150122,150122) gid=(0,150004) >[2008/07/16 17:09:18, 1] smbd/service.c:make_connection_snum(1190) > __ffff_62.177.168.80 (::ffff:62.177.168.80) connect to service zetahack initially as user MACROSCOOP\pim (uid=150122, gid=150004) (pid 12479) >[2008/07/16 17:09:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:18, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:18, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:18, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:18, 3] smbd/reply.c:reply_tcon_and_X(727) > tconX service=ZETAHACK >[2008/07/16 17:09:18, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:18, 5] lib/util.c:show_msg(655) > size=66 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=3584 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 31 (0x1F) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=17 >[2008/07/16 17:09:18, 10] lib/util.c:dump_data(2226) > [000] 4C 50 54 31 3A 00 00 4E 00 54 00 46 00 53 00 00 LPT1:..N .T.F.S.. > [010] 00 . >[2008/07/16 17:09:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 48 >[2008/07/16 17:09:18, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x30 >[2008/07/16 17:09:18, 3] smbd/process.c:process_smb(1549) > Transaction 57 of length 52 (0 toread) >[2008/07/16 17:09:18, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:18, 5] lib/util.c:show_msg(655) > size=48 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1560 > smb_uid=101 > smb_mid=3648 > smt_wct=2 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1 (0x1) > smb_bcc=9 >[2008/07/16 17:09:18, 10] lib/util.c:dump_data(2226) > [000] 04 50 00 49 00 4D 00 00 00 .P.I.M.. . >[2008/07/16 17:09:18, 3] smbd/process.c:switch_message(1361) > switch message SMBsplopen (pid 12479) conn 0xb95b3728 >[2008/07/16 17:09:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (150122, 150004) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:18, 5] auth/token_util.c:debug_nt_user_token(470) > NT user token of user S-1-5-21-995976282-251809560-1267956476-1005 > contains 17 SIDs > SID[ 0]: S-1-5-21-995976282-251809560-1267956476-1005 > SID[ 1]: S-1-5-21-995976282-251809560-1267956476-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-995976282-251809560-1267956476-512 > SID[ 6]: S-1-5-21-995976282-251809560-1267956476-1915 > SID[ 7]: S-1-5-21-995976282-251809560-1267956476-3472 > SID[ 8]: S-1-5-21-995976282-251809560-1267956476-1209 > SID[ 9]: S-1-5-21-995976282-251809560-1267956476-3497 > SID[ 10]: S-1-5-21-995976282-251809560-1267956476-3475 > SID[ 11]: S-1-5-21-995976282-251809560-1267956476-3471 > SID[ 12]: S-1-5-21-995976282-251809560-1267956476-3485 > SID[ 13]: S-1-5-21-995976282-251809560-1267956476-1165 > SID[ 14]: S-1-5-21-995976282-251809560-1267956476-3429 > SID[ 15]: S-1-5-32-545 > SID[ 16]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2008/07/16 17:09:18, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 150122 > Primary group is 150004 and contains 13 supplementary groups > Group[ 0]: 150000 > Group[ 1]: 150004 > Group[ 2]: 150009 > Group[ 3]: 150152 > Group[ 4]: 150005 > Group[ 5]: 150189 > Group[ 6]: 150153 > Group[ 7]: 150154 > Group[ 8]: 150188 > Group[ 9]: 150006 > Group[ 10]: 150007 > Group[ 11]: 150257 > Group[ 12]: 150256 >[2008/07/16 17:09:18, 5] smbd/uid.c:change_to_user(272) > change_to_user uid=(150122,150122) gid=(0,150004) >[2008/07/16 17:09:18, 4] smbd/vfs.c:vfs_ChDir(733) > vfs_ChDir to /var/spool/samba >[2008/07/16 17:09:18, 5] smbd/files.c:file_new(121) > allocated file structure 3377, fnum = 7473 (1 used) >[2008/07/16 17:09:18, 3] smbd/sec_ctx.c:push_sec_ctx(224) > push_sec_ctx(150122, 150004) : sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:18, 3] smbd/uid.c:push_conn_ctx(357) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2008/07/16 17:09:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/07/16 17:09:18, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:18, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:18, 3] smbd/sec_ctx.c:pop_sec_ctx(432) > pop_sec_ctx (150122, 150004) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:18, 10] printing/nt_printing.c:get_a_printer_internal(4721) > get_a_printer: [zetahack] level 2 >[2008/07/16 17:09:18, 10] printing/nt_printing.c:get_a_printer_2_default(4009) > get_a_printer_2_default: driver name set to [] >[2008/07/16 17:09:18, 5] printing/print_cups.c:cups_pull_comment_location(1224) > pulling zetahack location >[2008/07/16 17:09:18, 10] printing/print_cups.c:cups_connect(64) > connecting to cups server /var/run/cups/cups.sock:631 >[2008/07/16 17:09:18, 5] printing/print_cups.c:cups_pull_comment_location(1312) > cups_pull_comment_location: Using cups location: >[2008/07/16 17:09:18, 5] printing/print_cups.c:cups_pull_comment_location(1300) > cups_pull_comment_location: Using cups comment: Zetafax hack >[2008/07/16 17:09:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000000 sec_io_desc_buf nt_printing_getsec >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 max_len: 000000c8 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 ptr : 00000001 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 len : 000000c8 >[2008/07/16 17:09:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 00000c sec_io_desc sec >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000c revision: 0001 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000e type : 8004 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 off_owner_sid: 000000a8 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 off_grp_sid : 000000b8 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 off_sacl : 00000000 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 001c off_dacl : 00000014 >[2008/07/16 17:09:18, 8] rpc_parse/parse_prs.c:prs_debug(88) > 0000b4 smb_io_dom_sid owner_sid >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b4 sid_rev_num: 01 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b5 num_auths : 02 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b6 id_auth[0] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b7 id_auth[1] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b8 id_auth[2] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00b9 id_auth[3] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00ba id_auth[4] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00bb id_auth[5] : 05 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 00bc sub_auths : 00000020 00000220 >[2008/07/16 17:09:18, 8] rpc_parse/parse_prs.c:prs_debug(88) > 000020 sec_io_acl dacl >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0020 revision: 0002 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0022 size : 0094 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 num_aces : 00000005 >[2008/07/16 17:09:18, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000028 sec_io_ace ace_list[00]: >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 type : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0029 flags: 02 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002a size : 0014 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 002c access_mask: 20020008 >[2008/07/16 17:09:18, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_dom_sid trustee >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 sid_rev_num: 01 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 num_auths : 01 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0032 id_auth[0] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0033 id_auth[1] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0034 id_auth[2] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0035 id_auth[3] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0036 id_auth[4] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0037 id_auth[5] : 01 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0038 sub_auths : 00000000 >[2008/07/16 17:09:18, 9] rpc_parse/parse_prs.c:prs_debug(88) > 00003c sec_io_ace ace_list[01]: >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003c type : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003d flags: 09 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003e size : 0024 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 access_mask: 100f000c >[2008/07/16 17:09:18, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_dom_sid trustee >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0044 sid_rev_num: 01 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0045 num_auths : 05 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0046 id_auth[0] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0047 id_auth[1] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 id_auth[2] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 id_auth[3] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a id_auth[4] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b id_auth[5] : 05 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 004c sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 >[2008/07/16 17:09:18, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000060 sec_io_ace ace_list[02]: >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0060 type : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0061 flags: 02 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0062 size : 0024 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0064 access_mask: 100f000c >[2008/07/16 17:09:18, 10] rpc_parse/parse_prs.c:prs_debug(88) > 000068 smb_io_dom_sid trustee >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0068 sid_rev_num: 01 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0069 num_auths : 05 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006a id_auth[0] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006b id_auth[1] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006c id_auth[2] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006d id_auth[3] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006e id_auth[4] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 006f id_auth[5] : 05 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0070 sub_auths : 00000015 3b5d645a 0f024f18 4b937afc 000001f4 >[2008/07/16 17:09:18, 9] rpc_parse/parse_prs.c:prs_debug(88) > 000084 sec_io_ace ace_list[03]: >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0084 type : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0085 flags: 09 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0086 size : 0018 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0088 access_mask: 100f000c >[2008/07/16 17:09:18, 10] rpc_parse/parse_prs.c:prs_debug(88) > 00008c smb_io_dom_sid trustee >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008c sid_rev_num: 01 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008d num_auths : 02 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008e id_auth[0] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008f id_auth[1] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0090 id_auth[2] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0091 id_auth[3] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0092 id_auth[4] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0093 id_auth[5] : 05 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0094 sub_auths : 00000020 00000220 >[2008/07/16 17:09:18, 9] rpc_parse/parse_prs.c:prs_debug(88) > 00009c sec_io_ace ace_list[04]: >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009c type : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009d flags: 02 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 009e size : 0018 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 00a0 access_mask: 100f000c >[2008/07/16 17:09:18, 10] rpc_parse/parse_prs.c:prs_debug(88) > 0000a4 smb_io_dom_sid trustee >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a4 sid_rev_num: 01 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a5 num_auths : 02 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a6 id_auth[0] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a7 id_auth[1] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a8 id_auth[2] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a9 id_auth[3] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00aa id_auth[4] : 00 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00ab id_auth[5] : 05 >[2008/07/16 17:09:18, 5] rpc_parse/parse_prs.c:prs_uint32s(1005) > 00ac sub_auths : 00000020 00000220 >[2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5668) > secdesc_ctr for zetahack has 5 aces: >[2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-1-0 0 2 0x20020008 >[2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-21-995976282-251809560-1267956476-500 0 9 0x100f000c >[2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-21-995976282-251809560-1267956476-500 0 2 0x100f000c >[2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-32-544 0 9 0x100f000c >[2008/07/16 17:09:18, 10] printing/nt_printing.c:nt_printing_getsec(5674) > S-1-5-32-544 0 2 0x100f000c >[2008/07/16 17:09:18, 4] printing/printing.c:print_cache_expired(1085) > print_cache_expired: cache expired for queue zetahack (last_qscan_time = 1209975349, time now = 1216220958, qcachetime = 30) >[2008/07/16 17:09:18, 10] printing/printing.c:print_job_start(2418) > print_job_start: Queue zetahack number of jobs (50), max printjobs = 1000 >[2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) > send_spoolss_notify2_msg: appending message 0x01/0x10 for printer zetahack to notify_queue_head >[2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) > send_spoolss_notify2_msg: appending message 0x01/0x03 for printer zetahack to notify_queue_head >[2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) > send_spoolss_notify2_msg: appending message 0x01/0x0d for printer zetahack to notify_queue_head >[2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) > send_spoolss_notify2_msg: appending message 0x01/0x0d for printer zetahack to notify_queue_head >[2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer zetahack to notify_queue_head >[2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) > send_spoolss_notify2_msg: appending message 0x01/0x16 for printer zetahack to notify_queue_head >[2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) > send_spoolss_notify2_msg: appending message 0x01/0x14 for printer zetahack to notify_queue_head >[2008/07/16 17:09:18, 10] printing/printing.c:add_to_jobs_changed(2349) > add_to_jobs_changed: Added jobid 182 >[2008/07/16 17:09:18, 10] printing/printing.c:pjobid_to_rap(66) > pjobid_to_rap: called. >[2008/07/16 17:09:18, 10] printing/printing.c:pjobid_to_rap(101) > pjobid_to_rap: created jobid 182 maps to RAP jobid 1 >[2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(340) > print_job_find: looking up job 182 for share zetahack >[2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(369) > print_job_find: returning system job -1 for jobid 182. >[2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(340) > print_job_find: looking up job 182 for share zetahack >[2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(369) > print_job_find: returning system job -1 for jobid 182. >[2008/07/16 17:09:18, 3] smbd/reply.c:reply_printopen(4627) > openprint fd=29 fnum=7473 >[2008/07/16 17:09:18, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:18, 5] lib/util.c:show_msg(655) > size=37 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2 > smb_pid=1560 > smb_uid=101 > smb_mid=3648 > smt_wct=1 > smb_vwv[ 0]= 7473 (0x1D31) > smb_bcc=0 >[2008/07/16 17:09:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 37 >[2008/07/16 17:09:18, 6] smbd/process.c:process_smb(1546) > got message type 0x0 of len 0x25 >[2008/07/16 17:09:18, 3] smbd/process.c:process_smb(1549) > Transaction 58 of length 41 (0 toread) >[2008/07/16 17:09:18, 5] lib/util.c:show_msg(645) >[2008/07/16 17:09:18, 5] lib/util.c:show_msg(655) > size=37 > smb_com=0xc2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=3712 > smt_wct=1 > smb_vwv[ 0]= 7473 (0x1D31) > smb_bcc=0 >[2008/07/16 17:09:18, 3] smbd/process.c:switch_message(1361) > switch message SMBsplclose (pid 12479) conn 0xb95b3728 >[2008/07/16 17:09:18, 4] smbd/uid.c:change_to_user(182) > change_to_user: Skipping user change - already user >[2008/07/16 17:09:18, 3] smbd/reply.c:reply_printclose(4665) > printclose fd=29 fnum=7473 >[2008/07/16 17:09:18, 10] printing/printing.c:rap_to_pjobid(110) > rap_to_pjobid called. >[2008/07/16 17:09:18, 10] printing/printing.c:rap_to_pjobid(125) > rap_to_pjobid: jobid 182 maps to RAP jobid 1 >[2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(340) > print_job_find: looking up job 182 for share zetahack >[2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(369) > print_job_find: returning system job -1 for jobid 182. >[2008/07/16 17:09:18, 5] printing/printing.c:print_job_end(2556) > print_job_end: canceling spool of /var/spool/samba/smbprn.00000182.WgEvpc (zero length) >[2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(340) > print_job_find: looking up job 182 for share zetahack >[2008/07/16 17:09:18, 10] printing/printing.c:print_job_find(369) > print_job_find: returning system job -1 for jobid 182. >[2008/07/16 17:09:18, 5] printing/notify.c:send_spoolss_notify2_msg(298) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer zetahack to notify_queue_head >[2008/07/16 17:09:18, 10] printing/printing.c:remove_from_jobs_changed(1909) > remove_from_jobs_changed: removed jobid 182 >[2008/07/16 17:09:18, 10] printing/printing.c:rap_jobid_delete(143) > rap_jobid_delete: called. >[2008/07/16 17:09:18, 10] printing/printing.c:rap_jobid_delete(163) > rap_jobid_delete: deleting jobid 182 >[2008/07/16 17:09:18, 5] smbd/files.c:file_free(428) > freed files structure 7473 (0 used) >[2008/07/16 17:09:19, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:19, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:19, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:19, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:19, 5] printing/notify.c:print_notify_send_messages_to_printer(171) > print_notify_send_messages_to_printer: sending 8 print notify messages to printer zetahack >[2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(31) > Yielding connection to >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key B9300000FFFFFFFF0000 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95aec68 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key B9300000FFFFFFFF0000 >[2008/07/16 17:09:25, 3] smbd/server.c:exit_server_common(944) > Server exit (normal exit) >[2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(31) > Yielding connection to >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key BE300000FFFFFFFF0000 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) >[2008/07/16 17:09:25, 10] smbd/process.c:async_processing(649) > Allocated locked data 0x0xb95abe60 >[2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(42) > deleting connection record returned NT_STATUS_NOT_FOUND >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key BE300000FFFFFFFF0000 >[2008/07/16 17:09:25, 3] smbd/server.c:exit_server_common(944) > Server exit (normal exit) > async_processing: Doing async processing. >[2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:25, 1] smbd/service.c:close_cnum(1401) > __ffff_62.177.168.80 (::ffff:62.177.168.80) closed connection to service zetahack >[2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(31) > Yielding connection to zetahack >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key BF300000020000007A65 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95b4290 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key BF300000020000007A65 >[2008/07/16 17:09:25, 4] smbd/vfs.c:vfs_ChDir(733) > vfs_ChDir to / >[2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:25, 4] smbd/vfs.c:vfs_ChDir(733) > vfs_ChDir to /tmp >[2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:25, 3] smbd/service.c:close_cnum(1401) > __ffff_62.177.168.80 (::ffff:62.177.168.80) closed connection to service IPC$ >[2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(31) > Yielding connection to IPC$ >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key BF300000010000004950 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95b3728 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key BF300000010000004950 >[2008/07/16 17:09:25, 4] smbd/vfs.c:vfs_ChDir(733) > vfs_ChDir to / >[2008/07/16 17:09:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_nt_user_token(464) > NT user token: (NULL) >[2008/07/16 17:09:25, 5] auth/token_util.c:debug_unix_user_token(490) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/07/16 17:09:25, 5] smbd/uid.c:change_to_root_user(287) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 49442F31323437392F31 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95b2090 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 49442F31323437392F31 >[2008/07/16 17:09:25, 3] smbd/connection.c:yield_connection(31) > Yielding connection to >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key BF300000FFFFFFFF0000 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0xb95b12e8 >[2008/07/16 17:09:25, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key BF300000FFFFFFFF0000 >[2008/07/16 17:09:25, 3] smbd/server.c:exit_server_common(944) > Server exit (termination signal)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3416">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 5617
:
3415
| 3416 |
3417
|
3470
|
3471
|
3475