The Samba-Bugzilla – Attachment 356 Details for
Bug 954
smbd segfault when creating a file/dir only when running under valgrind
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
The full log.smbd
valgrind.smbd.panic.out (text/plain), 333.46 KB, created by
Marc Kaplan
on 2004-01-08 22:18:08 UTC
(
hide
)
Description:
The full log.smbd
Filename:
MIME Type:
Creator:
Marc Kaplan
Created:
2004-01-08 22:18:08 UTC
Size:
333.46 KB
patch
obsolete
>lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >make_user_info_map: Mapping user [NL]\[nl_User6] from workstation [NEWVM-WIN2KPRO1] >Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 > >no entry for trusted domain NL found. >attempting to make a user_info for nl_User6 (nl_User6) >making strings for nl_User6's user_info struct >making blobs for nl_User6's user_info struct >made an encrypted user_info for nl_User6 (nl_User6) >check_ntlm_password: Checking password for unmapped user [NL]\[nl_User6]@[NEWVM-WIN2KPRO1] with the new password interface >check_ntlm_password: mapped user is: [NORTHAMERICA]\[nl_User6]@[NEWVM-WIN2KPRO1] >check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >challenge is: >[000] 99 FA B4 02 ED A8 FF 93 .ú´.í¨ÿ. >check_ntlm_password: guest had nothing to say >is_myname("NORTHAMERICA") returns 0 >check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) >check_ntlm_password: sam had nothing to say >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >check_ntlm_password: winbind authentication for user [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER >check_ntlm_password: Authentication for user [nl_User6] -> [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER >attempting to free (and zero) a user_info structure >structure was created for nl_User6 >write_socket(16,136) >write_socket(16,136) wrote 136 >got smb length of 214 >got message type 0x0 of len 0xd6 >Transaction 22 of length 218 >size=214 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=64768 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 214 (0xD6) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 83 (0x53) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=155 >[000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... .. G0E . >[010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7...¢3 >[020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 B2 .1NTLMSS P......² >[030] 08 E0 02 00 02 00 2F 00 00 00 0F 00 0F 00 20 00 .à..../. ...... . >[040] 00 00 4E 45 57 56 4D 2D 57 49 4E 32 4B 50 52 4F ..NEWVM- WIN2KPRO >[050] 31 4E 4C 57 00 69 00 6E 00 64 00 6F 00 77 00 73 1NLW.i.n .d.o.w.s >[060] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 >[070] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o >[080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. >[090] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... >switch message SMBsesssetupX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got OID 1 3 6 1 4 1 311 2 2 10 >Got secblob of size 49 >Making default auth method list for security=ADS >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match winbind:ntdomain >load_auth_module: Attempting to find an auth method to match ntdomain >load_auth_module: auth method ntdomain has a valid init >load_auth_module: auth method winbind has a valid init >Got NTLMSSP neg_flags=0xe008b297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED > NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: module winbind did not want to specify a challenge >auth_context challenge created by random >challenge is: >[000] 59 33 AF 40 94 67 9E E4 Y3¯@.g.ä >write_socket(16,318) >write_socket(16,318) wrote 318 >got smb length of 322 >got message type 0x0 of len 0x142 >Transaction 23 of length 326 >size=322 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=64832 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 322 (0x142) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 190 (0xBE) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=263 >[000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM >[010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... >[020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... >[030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... >[040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. >[050] 6E 00 6C 00 5F 00 55 00 73 00 65 00 72 00 36 00 n.l._.U. s.e.r.6. >[060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. >[070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 39 1B N.2.K.P. R.O.1.9. >[080] 6C DD 4C 64 F5 A4 00 00 00 00 00 00 00 00 00 00 lÝLdõ¤.. ........ >[090] 00 00 00 00 00 00 FB A4 FC FD EF 24 F5 07 4F 19 ......û¤ üýï$õ.O. >[0A0] 71 B8 C8 BC C9 0F B8 C6 13 58 07 64 FE D4 21 65 q¸È¼É.¸Æ .X.dþÔ!e >[0B0] 38 DA E3 C1 06 FD 00 79 6D 50 81 B2 7E 2E 00 57 8ÚãÁ.ý.y mP.²~..W >[0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 >[0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 >[0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. >[100] 00 30 00 00 00 00 00 .0..... >switch message SMBsesssetupX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got user=[nl_User6] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 >auth_context challenge set by NTLMSSP callback (NTLM2) >challenge is: >[000] 0A 1E 2E 8F 0C 55 B0 A3 .....U°£ >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >make_user_info_map: Mapping user [NL]\[nl_User6] from workstation [NEWVM-WIN2KPRO1] >Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 > >no entry for trusted domain NL found. >attempting to make a user_info for nl_User6 (nl_User6) >making strings for nl_User6's user_info struct >making blobs for nl_User6's user_info struct >made an encrypted user_info for nl_User6 (nl_User6) >check_ntlm_password: Checking password for unmapped user [NL]\[nl_User6]@[NEWVM-WIN2KPRO1] with the new password interface >check_ntlm_password: mapped user is: [NORTHAMERICA]\[nl_User6]@[NEWVM-WIN2KPRO1] >check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >challenge is: >[000] 0A 1E 2E 8F 0C 55 B0 A3 .....U°£ >check_ntlm_password: guest had nothing to say >is_myname("NORTHAMERICA") returns 0 >check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) >check_ntlm_password: sam had nothing to say >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >check_ntlm_password: winbind authentication for user [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER >check_ntlm_password: Authentication for user [nl_User6] -> [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER >attempting to free (and zero) a user_info structure >structure was created for nl_User6 >write_socket(16,136) >write_socket(16,136) wrote 136 >got smb length of 214 >got message type 0x0 of len 0xd6 >Transaction 24 of length 218 >size=214 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=64896 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 214 (0xD6) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 83 (0x53) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=155 >[000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... .. G0E . >[010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7...¢3 >[020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 B2 .1NTLMSS P......² >[030] 08 E0 02 00 02 00 2F 00 00 00 0F 00 0F 00 20 00 .à..../. ...... . >[040] 00 00 4E 45 57 56 4D 2D 57 49 4E 32 4B 50 52 4F ..NEWVM- WIN2KPRO >[050] 31 4E 4C 57 00 69 00 6E 00 64 00 6F 00 77 00 73 1NLW.i.n .d.o.w.s >[060] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 >[070] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o >[080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. >[090] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... >switch message SMBsesssetupX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got OID 1 3 6 1 4 1 311 2 2 10 >Got secblob of size 49 >Making default auth method list for security=ADS >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match winbind:ntdomain >load_auth_module: Attempting to find an auth method to match ntdomain >load_auth_module: auth method ntdomain has a valid init >load_auth_module: auth method winbind has a valid init >Got NTLMSSP neg_flags=0xe008b297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED > NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: module winbind did not want to specify a challenge >auth_context challenge created by random >challenge is: >[000] C5 99 8F 7C A1 43 A4 D2 Å..|¡C¤Ò >write_socket(16,318) >write_socket(16,318) wrote 318 >got smb length of 322 >got message type 0x0 of len 0x142 >Transaction 25 of length 326 >size=322 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=64960 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 322 (0x142) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 190 (0xBE) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=263 >[000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM >[010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... >[020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... >[030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... >[040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. >[050] 6E 00 6C 00 5F 00 55 00 73 00 65 00 72 00 36 00 n.l._.U. s.e.r.6. >[060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. >[070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 03 91 N.2.K.P. R.O.1... >[080] 27 D7 FE 35 AD 0F 00 00 00 00 00 00 00 00 00 00 '×þ5... ........ >[090] 00 00 00 00 00 00 0B 4E 02 97 EE 0B 08 02 A6 95 .......N ..î...¦. >[0A0] A0 18 01 45 61 C6 1F 4C B7 52 2B CA EE D4 59 91 ..EaÆ.L ·R+ÊîÔY. >[0B0] 7E 1A 87 89 4F 79 B4 B3 11 4F DE 0F BC B9 00 57 ~...Oy´³ .OÞ.¼¹.W >[0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 >[0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 >[0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. >[100] 00 30 00 00 00 00 00 .0..... >switch message SMBsesssetupX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got user=[nl_User6] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 >auth_context challenge set by NTLMSSP callback (NTLM2) >challenge is: >[000] 6C C0 7D 14 1E AB 1E 65 lÀ}..«.e >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >make_user_info_map: Mapping user [NL]\[nl_User6] from workstation [NEWVM-WIN2KPRO1] >Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 > >no entry for trusted domain NL found. >attempting to make a user_info for nl_User6 (nl_User6) >making strings for nl_User6's user_info struct >making blobs for nl_User6's user_info struct >made an encrypted user_info for nl_User6 (nl_User6) >check_ntlm_password: Checking password for unmapped user [NL]\[nl_User6]@[NEWVM-WIN2KPRO1] with the new password interface >check_ntlm_password: mapped user is: [NORTHAMERICA]\[nl_User6]@[NEWVM-WIN2KPRO1] >check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >challenge is: >[000] 6C C0 7D 14 1E AB 1E 65 lÀ}..«.e >check_ntlm_password: guest had nothing to say >is_myname("NORTHAMERICA") returns 0 >check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) >check_ntlm_password: sam had nothing to say >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >check_ntlm_password: winbind authentication for user [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER >check_ntlm_password: Authentication for user [nl_User6] -> [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER >attempting to free (and zero) a user_info structure >structure was created for nl_User6 >write_socket(16,136) >write_socket(16,136) wrote 136 >got smb length of 214 >got message type 0x0 of len 0xd6 >Transaction 26 of length 218 >size=214 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=65024 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 214 (0xD6) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 83 (0x53) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=155 >[000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... .. G0E . >[010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7...¢3 >[020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 B2 .1NTLMSS P......² >[030] 08 E0 02 00 02 00 2F 00 00 00 0F 00 0F 00 20 00 .à..../. ...... . >[040] 00 00 4E 45 57 56 4D 2D 57 49 4E 32 4B 50 52 4F ..NEWVM- WIN2KPRO >[050] 31 4E 4C 57 00 69 00 6E 00 64 00 6F 00 77 00 73 1NLW.i.n .d.o.w.s >[060] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 >[070] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o >[080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. >[090] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... >switch message SMBsesssetupX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got OID 1 3 6 1 4 1 311 2 2 10 >Got secblob of size 49 >Making default auth method list for security=ADS >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match winbind:ntdomain >load_auth_module: Attempting to find an auth method to match ntdomain >load_auth_module: auth method ntdomain has a valid init >load_auth_module: auth method winbind has a valid init >Got NTLMSSP neg_flags=0xe008b297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED > NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: module winbind did not want to specify a challenge >auth_context challenge created by random >challenge is: >[000] 71 90 01 96 26 E4 44 AC q...&äD¬ >write_socket(16,318) >write_socket(16,318) wrote 318 >got smb length of 322 >got message type 0x0 of len 0x142 >Transaction 27 of length 326 >size=322 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=65088 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 322 (0x142) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 190 (0xBE) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=263 >[000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM >[010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... >[020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... >[030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... >[040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. >[050] 6E 00 6C 00 5F 00 55 00 73 00 65 00 72 00 36 00 n.l._.U. s.e.r.6. >[060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. >[070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 90 01 N.2.K.P. R.O.1... >[080] 07 0B 92 EB FF BD 00 00 00 00 00 00 00 00 00 00 ...ëÿ½.. ........ >[090] 00 00 00 00 00 00 10 47 14 98 54 8E 3D 7D 7E 43 .......G ..T.=}~C >[0A0] 46 C2 DD E4 FE 91 92 5A 71 2B 7E D8 0B 20 79 29 FÂÝäþ..Z q+~Ø. y) >[0B0] 1C F8 C7 FA F3 C8 08 03 CC EB E2 78 E4 26 00 57 .øÇúóÈ.. Ìëâxä&.W >[0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 >[0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 >[0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. >[100] 00 30 00 00 00 00 00 .0..... >switch message SMBsesssetupX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got user=[nl_User6] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 >auth_context challenge set by NTLMSSP callback (NTLM2) >challenge is: >[000] 0D 8E 52 2B DE A5 7A B9 ..R+Þ¥z¹ >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >make_user_info_map: Mapping user [NL]\[nl_User6] from workstation [NEWVM-WIN2KPRO1] >Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 > >no entry for trusted domain NL found. >attempting to make a user_info for nl_User6 (nl_User6) >making strings for nl_User6's user_info struct >making blobs for nl_User6's user_info struct >made an encrypted user_info for nl_User6 (nl_User6) >check_ntlm_password: Checking password for unmapped user [NL]\[nl_User6]@[NEWVM-WIN2KPRO1] with the new password interface >check_ntlm_password: mapped user is: [NORTHAMERICA]\[nl_User6]@[NEWVM-WIN2KPRO1] >check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >challenge is: >[000] 0D 8E 52 2B DE A5 7A B9 ..R+Þ¥z¹ >check_ntlm_password: guest had nothing to say >is_myname("NORTHAMERICA") returns 0 >check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) >check_ntlm_password: sam had nothing to say >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >check_ntlm_password: winbind authentication for user [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER >check_ntlm_password: Authentication for user [nl_User6] -> [nl_User6] FAILED with error NT_STATUS_NO_SUCH_USER >attempting to free (and zero) a user_info structure >structure was created for nl_User6 >write_socket(16,136) >write_socket(16,136) wrote 136 >got smb length of 198 >got message type 0x0 of len 0xc6 >Transaction 28 of length 202 >size=198 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=65152 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 198 (0xC6) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 66 (0x42) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=139 >[000] 60 40 06 06 2B 06 01 05 05 02 A0 36 30 34 A0 0E `@..+... .. 604 . >[010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 22 0...+... ..7...¢" >[020] 04 20 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 . NTLMSS P....... >[030] 08 E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .à...... ........ >[040] 00 00 D6 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ..ÖW.i.n .d.o.w.s >[050] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 >[060] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o >[070] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. >[080] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... >switch message SMBsesssetupX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got OID 1 3 6 1 4 1 311 2 2 10 >Got secblob of size 32 >Making default auth method list for security=ADS >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match winbind:ntdomain >load_auth_module: Attempting to find an auth method to match ntdomain >load_auth_module: auth method ntdomain has a valid init >load_auth_module: auth method winbind has a valid init >Got NTLMSSP neg_flags=0xe0088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: module winbind did not want to specify a challenge >auth_context challenge created by random >challenge is: >[000] 4F 0D 7B FD 4F 06 11 F4 O.{ýO..ô >write_socket(16,318) >write_socket(16,318) wrote 318 >got smb length of 322 >got message type 0x0 of len 0x142 >Transaction 29 of length 326 >size=322 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=65216 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 322 (0x142) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 190 (0xBE) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=263 >[000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM >[010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... >[020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... >[030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... >[040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. >[050] 6E 00 61 00 5F 00 75 00 73 00 65 00 72 00 35 00 n.a._.u. s.e.r.5. >[060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. >[070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 FB 3D N.2.K.P. R.O.1.û= >[080] 3F 73 DB 14 08 85 00 00 00 00 00 00 00 00 00 00 ?sÛ..... ........ >[090] 00 00 00 00 00 00 E4 17 EE 95 72 89 0B 6E 90 7A ......ä. î.r..n.z >[0A0] 11 CB 76 C4 9D 21 71 8F 2C ED DD 85 78 F0 F0 0A .ËvÄ.!q. ,íÝ.xðð. >[0B0] 4E 7D 46 18 40 F7 F8 01 9E 71 E2 ED F5 EE 00 57 N}F.@÷ø. .qâíõî.W >[0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 >[0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 >[0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. >[100] 00 30 00 00 00 00 00 .0..... >switch message SMBsesssetupX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got user=[na_user5] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 >auth_context challenge set by NTLMSSP callback (NTLM2) >challenge is: >[000] A9 EC EA FB 0C 3E E0 80 ©ìêû.>à. >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >make_user_info_map: Mapping user [NL]\[na_user5] from workstation [NEWVM-WIN2KPRO1] >Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 > >no entry for trusted domain NL found. >attempting to make a user_info for na_user5 (na_user5) >making strings for na_user5's user_info struct >making blobs for na_user5's user_info struct >made an encrypted user_info for na_user5 (na_user5) >check_ntlm_password: Checking password for unmapped user [NL]\[na_user5]@[NEWVM-WIN2KPRO1] with the new password interface >check_ntlm_password: mapped user is: [NORTHAMERICA]\[na_user5]@[NEWVM-WIN2KPRO1] >check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >challenge is: >[000] A9 EC EA FB 0C 3E E0 80 ©ìêû.>à. >check_ntlm_password: guest had nothing to say >is_myname("NORTHAMERICA") returns 0 >check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) >check_ntlm_password: sam had nothing to say >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > 000000 net_io_user_info3 > 0000 ptr_user_info : 00020004 > 000004 smb_io_time logon time > 0004 low : 1a92c9f0 > 0008 high: 01c3b092 > 00000c smb_io_time logoff time > 000c low : ffffffff > 0010 high: 7fffffff > 000014 smb_io_time kickoff time > 0014 low : ffffffff > 0018 high: 7fffffff > 00001c smb_io_time last set time > 001c low : 00000000 > 0020 high: 00000000 > 000024 smb_io_time can change time > 0024 low : 2a69c000 > 0028 high: 000000c9 > 00002c smb_io_time must change time > 002c low : ffffffff > 0030 high: 7fffffff > 000034 smb_io_unihdr hdr_user_name > 0034 uni_str_len: 0010 > 0036 uni_max_len: 0012 > 0038 buffer : 00020008 > 00003c smb_io_unihdr hdr_full_name > 003c uni_str_len: 0000 > 003e uni_max_len: 0000 > 0040 buffer : 00000000 > 000044 smb_io_unihdr hdr_logon_script > 0044 uni_str_len: 0000 > 0046 uni_max_len: 0000 > 0048 buffer : 00000000 > 00004c smb_io_unihdr hdr_profile_path > 004c uni_str_len: 0000 > 004e uni_max_len: 0000 > 0050 buffer : 00000000 > 000054 smb_io_unihdr hdr_home_dir > 0054 uni_str_len: 0000 > 0056 uni_max_len: 0000 > 0058 buffer : 00000000 > 00005c smb_io_unihdr hdr_dir_drive > 005c uni_str_len: 0000 > 005e uni_max_len: 0000 > 0060 buffer : 00000000 > 0064 logon_count : 0002 > 0066 bad_pw_count : 0000 > 0068 user_rid : 0000046e > 006c group_rid : 00000201 > 0070 num_groups : 00000002 > 0074 buffer_groups : 0002000c > 0078 user_flgs : 00000120 > 007c user_sess_key: 8f fb 57 47 8e de c9 e2 0a 73 4c 22 ce b2 f1 98 > 00008c smb_io_unihdr hdr_logon_srv > 008c uni_str_len: 001c > 008e uni_max_len: 001e > 0090 buffer : 00020010 > 000094 smb_io_unihdr hdr_logon_dom > 0094 uni_str_len: 0018 > 0096 uni_max_len: 001a > 0098 buffer : 00020014 > 009c buffer_dom_id : 00020018 > 00a0 padding : 00 00 00 00 00 00 00 00 79 bc 95 0f b2 dd 1e 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00c8 num_other_sids: 00000000 > 00cc buffer_other_sids: 00000000 > 0000d0 smb_io_unistr2 uni_user_name > 00d0 uni_max_len: 00000009 > 00d4 offset : 00000000 > 00d8 uni_str_len: 00000008 > 00dc buffer : n.a._.U.s.e.r.5. > 0000ec smb_io_unistr2 - NULL uni_full_name > 0000ec smb_io_unistr2 - NULL uni_logon_script > 0000ec smb_io_unistr2 - NULL uni_profile_path > 0000ec smb_io_unistr2 - NULL uni_home_dir > 0000ec smb_io_unistr2 - NULL uni_dir_drive > 00ec num_groups2 : 00000002 > 0000f0 smb_io_gid > 00f0 g_rid: 00000201 > 00f4 attr : 00000007 > 0000f8 smb_io_gid > 00f8 g_rid: 000023b8 > 00fc attr : 00000007 > 000100 smb_io_unistr2 uni_logon_srv > 0100 uni_max_len: 0000000f > 0104 offset : 00000000 > 0108 uni_str_len: 0000000e > 010c buffer : N.O.R.T.H.A.M.E.R.I.C.A.D.C. > 000128 smb_io_unistr2 uni_logon_dom > 0128 uni_max_len: 0000000d > 012c offset : 00000000 > 0130 uni_str_len: 0000000c > 0134 buffer : N.O.R.T.H.A.M.E.R.I.C.A. > 00014c smb_io_dom_sid2 > 014c num_auths: 00000004 > 000150 smb_io_dom_sid sid > 0150 sid_rev_num: 01 > 0151 num_auths : 04 > 0152 id_auth[0] : 00 > 0153 id_auth[1] : 00 > 0154 id_auth[2] : 00 > 0155 id_auth[3] : 00 > 0156 id_auth[4] : 00 > 0157 id_auth[5] : 05 > 0158 sub_auths : 00000015 a0fce684 da91cff4 ceb86ebb >Finding user NORTHAMERICA\na_user5 >Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 >Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! >fill_sam_account: located username was [NORTHAMERICA\na_user5] >pdb_set_username: setting username NORTHAMERICA\na_user5, was >element 11 -> now SET >pdb_set_full_name: setting full name na_User5, was >element 12 -> now SET >pdb_set_unix_homedir: setting home dir /home/NORTHAMERICA/na_user5, was NULL >element 21 -> now SET >pdb_set_domain: setting domain THUNDERBIRD, was >pdb_set_user_sid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 >element 17 -> now SET >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 from rid 79856 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_group_sid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 >element 18 -> now SET >pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 from rid 64895 >Home server: thunderbird >pdb_set_profile_path: setting profile path \\thunderbird\NORTHAMERICA\na_user5\profile, was >Home server: thunderbird >pdb_set_homedir: setting home dir \\thunderbird\NORTHAMERICA\na_user5, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >pdb_set_nt_username: setting nt username na_User5, was >pdb_set_username: setting username na_User5, was NORTHAMERICA\na_user5 >pdb_set_domain: setting domain NORTHAMERICA, was THUNDERBIRD >pdb_set_user_sid: setting user sid S-1-5-21-2700928644-3666989044-3468193467-1134 >pdb_set_group_sid: setting group sid S-1-5-21-2700928644-3666989044-3468193467-513 >pdb_set_full_name: setting full name , was na_User5 >pdb_set_logon_script: setting logon script , was >pdb_set_profile_path: setting profile path , was \\thunderbird\NORTHAMERICA\na_user5\profile >pdb_set_homedir: setting home dir , was \\thunderbird\NORTHAMERICA\na_user5 >pdb_set_dir_drive: setting dir drive , was >get_user_groups: winbind_getgroups(NORTHAMERICA\na_user5): result = SUCCESS >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >fetch sid from gid cache 31947 -> S-1-5-21-2700928644-3666989044-3468193467-513 >fetch sid from gid cache 31956 -> S-1-5-21-2700928644-3666989044-3468193467-9144 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >check_ntlm_password: winbind authentication for user [na_user5] succeeded >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >check_ntlm_password: PAM Account for user [NORTHAMERICA\na_user5] succeeded >check_ntlm_password: authentication for user [na_user5] -> [na_user5] -> [NORTHAMERICA\na_user5] succeeded >attempting to free (and zero) a user_info structure >structure was created for na_user5 >Got NT session key of length 16 >Got LM session key of length 16 >ntlmssp_server_auth: Created NTLM2 session key. >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >register_vuid: allocated vuid = 101 >register_vuid: (39428,31947) NORTHAMERICA\na_user5 na_user5 NORTHAMERICA guest=0 >User name: NORTHAMERICA\na_user5 Real name: >UNIX uid 39428 is UNIX user NORTHAMERICA\na_user5, and will be vuid 101 >Adding/updating homes service for user 'NORTHAMERICA\na_user5' using home directory: '/home/NORTHAMERICA/na_user5' >lp_servicenumber: couldn't find homes >write_socket(16,136) >write_socket(16,136) wrote 136 >got smb length of 88 >got message type 0x0 of len 0x58 >Transaction 30 of length 92 >size=88 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=101 >smb_mid=65280 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=45 >[000] 00 5C 00 5C 00 54 00 48 00 55 00 4E 00 44 00 45 .\.\.T.H .U.N.D.E >[010] 00 52 00 42 00 49 00 52 00 44 00 5C 00 49 00 50 .R.B.I.R .D.\.I.P >[020] 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .C.$...? ????. >switch message SMBtconX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [IPC$] >making a connection to 'normal' service ipc$ >Finding user NORTHAMERICA\na_user5 >Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 >Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! >Connect path is '/tmp' for service [IPC$] >get_share_security: using default secdesc for IPC$ >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. >se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >Initialising default vfs hooks >claiming IPC$ 0 >get_share_security: using default secdesc for IPC$ >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. >se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >se_access_check: access (1) granted. >setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >change_to_user uid=(39428,39428) gid=(0,31947) >newvm-win2kpro1 (10.33.1.222) connect to service IPC$ initially as user NORTHAMERICA\na_user5 (uid=39428, gid=31947) (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=IPC$ >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=65280 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >write_socket(16,52) >write_socket(16,52) wrote 52 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 31 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=65344 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[010] 00 . >switch message SMBntcreateX (pid 11222) >setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >change_to_user uid=(39428,39428) gid=(0,31947) >vfs_ChDir to /tmp >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \srvsvc. >nt_open_pipe: Known pipe srvsvc opening. >Open pipe requested srvsvc (pipes_open=0) >Create pipe requested srvsvc >init_pipe_handles: created handle list for pipe srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc >Created internal pipe srvsvc (pipes_open=0) >Opened pipe srvsvc with handle 757b (pipes_open=1) >open pipes: name srvsvc pnum=757b >do_ntcreate_pipe_open: open pipe = \srvsvc >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=65344 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=31488 (0x7B00) >smb_vwv[ 3]= 373 (0x175) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 32 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=65408 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30075 (0x757B) >smb_bcc=89 >[000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 2E .\.P.I.P .E.\.... >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ >[030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná >[040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757b >pipe name srvsvc pnum=757b (pipes_open=1) >Got API command 0x26 on pipe "srvsvc" (pnum 757b)api_fd_reply: p:0x422db114 max_trans_reply: 1024 >write_to_pipe: 757b name: srvsvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 849 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 990 >check_bind_req for \PIPE\srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\ntsvcs. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 757b name: srvsvc len: 1024 >read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=65408 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE >[020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 180 >got message type 0x0 of len 0xb4 >Transaction 33 of length 184 >size=180 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=65472 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 96 (0x60) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30075 (0x757B) >smb_bcc=113 >[000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 2E .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 60 00 00 00 01 00 00 ........ .`...... >[020] 00 48 00 00 00 00 00 0F 00 CC 6B CF 00 0E 00 00 .H...... .ÌkÏ.... >[030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h >[040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r >[050] 00 64 00 00 00 01 00 00 00 01 00 00 00 4C D3 FA .d...... .....LÓú >[060] 03 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 ........ .ÿÿÿÿ... >[070] 00 . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=96 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757b >pipe name srvsvc pnum=757b (pipes_open=1) >Got API command 0x26 on pipe "srvsvc" (pnum 757b)api_fd_reply: p:0x422db114 max_trans_reply: 1024 >write_to_pipe: 757b name: srvsvc open: Yes len: 96 >write_to_pipe: data_left = 96 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 >fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 80 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 80 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 80, incoming data = 80 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000048 > 0004 context_id: 0000 > 0006 opnum : 000f >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\srvsvc >api_rpcTNP: srvsvc op 0xf - api_rpcTNP: rpc command: SRV_NET_SHARE_ENUM_ALL >api_rpc_cmds[2].fn == 0x80fa210 >000000 srv_io_q_net_share_enum > 0000 ptr_srv_name: 00cf6bcc > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000e > 0008 offset : 00000000 > 000c uni_str_len: 0000000e > 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... > 00002c srv_io_srv_share_ctr share_ctr > 002c info_level: 00000001 > 0030 switch_value: 00000001 > 0034 ptr_share_info: 03fad34c > 0038 num_entries: 00000000 > 003c ptr_entries: 00000000 > 0040 preferred_len: ffffffff > 000044 smb_io_enum_hnd enum_hnd > 0044 ptr_hnd: 00000000 >_srv_net_share_enum: 1343 >init_srv_r_net_share_enum: 715 >init_srv_share_info_ctr >init_srv_share_info1: vm-source 0 >init_srv_share_info1_str >init_srv_share_info1: public 0 >init_srv_share_info1_str >init_srv_share_info1: newtest 0 >init_srv_share_info1_str >init_srv_share_info1: IPC$ 3 IPC Service (Samba TIP test server: ThunderBird) >init_srv_share_info1_str >init_srv_share_info1: ADMIN$ 3 IPC Service (Samba TIP test server: ThunderBird) >init_srv_share_info1_str >smb_io_enum_hnd >_srv_net_share_enum: 1355 >000000 srv_io_r_net_share_enum > 000000 srv_io_srv_share_ctr share_ctr > 0000 info_level: 00000001 > 0004 switch_value: 00000001 > 0008 ptr_share_info: 00000001 > 000c num_entries: 00000005 > 0010 ptr_entries: 00000001 > 0014 num_entries2: 00000005 > 000018 srv_io_share_info1 > 0018 ptr_netname: 00000001 > 001c type : 00000000 > 0020 ptr_remark : 00000001 > 000024 srv_io_share_info1 > 0024 ptr_netname: 00000001 > 0028 type : 00000000 > 002c ptr_remark : 00000001 > 000030 srv_io_share_info1 > 0030 ptr_netname: 00000001 > 0034 type : 00000000 > 0038 ptr_remark : 00000001 > 00003c srv_io_share_info1 > 003c ptr_netname: 00000001 > 0040 type : 00000003 > 0044 ptr_remark : 00000001 > 000048 srv_io_share_info1 > 0048 ptr_netname: 00000001 > 004c type : 00000003 > 0050 ptr_remark : 00000001 > 000054 srv_io_share_info1_str > 000054 smb_io_unistr2 > 0054 uni_max_len: 0000000a > 0058 offset : 00000000 > 005c uni_str_len: 0000000a > 0060 buffer : v.m.-.s.o.u.r.c.e... > 000074 smb_io_unistr2 > 0074 uni_max_len: 00000001 > 0078 offset : 00000000 > 007c uni_str_len: 00000001 > 0080 buffer : .. > 000082 srv_io_share_info1_str > 000084 smb_io_unistr2 > 0084 uni_max_len: 00000007 > 0088 offset : 00000000 > 008c uni_str_len: 00000007 > 0090 buffer : p.u.b.l.i.c... > 0000a0 smb_io_unistr2 > 00a0 uni_max_len: 00000001 > 00a4 offset : 00000000 > 00a8 uni_str_len: 00000001 > 00ac buffer : .. > 0000ae srv_io_share_info1_str > 0000b0 smb_io_unistr2 > 00b0 uni_max_len: 00000008 > 00b4 offset : 00000000 > 00b8 uni_str_len: 00000008 > 00bc buffer : n.e.w.t.e.s.t... > 0000cc smb_io_unistr2 > 00cc uni_max_len: 00000001 > 00d0 offset : 00000000 > 00d4 uni_str_len: 00000001 > 00d8 buffer : .. > 0000da srv_io_share_info1_str > 0000dc smb_io_unistr2 > 00dc uni_max_len: 00000005 > 00e0 offset : 00000000 > 00e4 uni_str_len: 00000005 > 00e8 buffer : I.P.C.$... > 0000f4 smb_io_unistr2 > 00f4 uni_max_len: 00000031 > 00f8 offset : 00000000 > 00fc uni_str_len: 00000031 > 0100 buffer : I.P.C. .S.e.r.v.i.c.e. .(.S.a.m.b.a. .T.I.P. .t.e.s.t. .s.e.r.v.e.r.:. .T.h.u.n.d.e.r.B.i.r.d.)... > 000162 srv_io_share_info1_str > 000164 smb_io_unistr2 > 0164 uni_max_len: 00000007 > 0168 offset : 00000000 > 016c uni_str_len: 00000007 > 0170 buffer : A.D.M.I.N.$... > 000180 smb_io_unistr2 > 0180 uni_max_len: 00000031 > 0184 offset : 00000000 > 0188 uni_str_len: 00000031 > 018c buffer : I.P.C. .S.e.r.v.i.c.e. .(.S.a.m.b.a. .T.I.P. .t.e.s.t. .s.e.r.v.e.r.:. .T.h.u.n.d.e.r.B.i.r.d.)... > 01f0 total_entries: 00000005 > 0001f4 smb_io_enum_hnd enum_hnd > 01f4 ptr_hnd: 00000000 > 01f8 status: WERR_OK >api_rpcTNP: called srvsvc successfully >free_pipe_context: destroying talloc pool of size 5388 >write_to_pipe: data_used = 80 >read_from_pipe: 757b name: srvsvc len: 1024 >read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 508. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0214 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 000001fc > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..532] >size=588 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=65472 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 532 (0x214) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 532 (0x214) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=533 >[000] 00 05 00 02 03 10 00 00 00 14 02 00 00 01 00 00 ........ ........ >[010] 00 FC 01 00 00 00 00 00 00 01 00 00 00 01 00 00 .ü...... ........ >[020] 00 01 00 00 00 05 00 00 00 01 00 00 00 05 00 00 ........ ........ >[030] 00 01 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ >[040] 00 00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 ........ ........ >[050] 00 01 00 00 00 01 00 00 00 03 00 00 00 01 00 00 ........ ........ >[060] 00 01 00 00 00 03 00 00 00 01 00 00 00 0A 00 00 ........ ........ >[070] 00 00 00 00 00 0A 00 00 00 76 00 6D 00 2D 00 73 ........ .v.m.-.s >[080] 00 6F 00 75 00 72 00 63 00 65 00 00 00 01 00 00 .o.u.r.c .e...... >[090] 00 00 00 00 00 01 00 00 00 00 00 00 00 07 00 00 ........ ........ >[0A0] 00 00 00 00 00 07 00 00 00 70 00 75 00 62 00 6C ........ .p.u.b.l >[0B0] 00 69 00 63 00 00 00 00 00 01 00 00 00 00 00 00 .i.c.... ........ >[0C0] 00 01 00 00 00 00 00 00 00 08 00 00 00 00 00 00 ........ ........ >[0D0] 00 08 00 00 00 6E 00 65 00 77 00 74 00 65 00 73 .....n.e .w.t.e.s >[0E0] 00 74 00 00 00 01 00 00 00 00 00 00 00 01 00 00 .t...... ........ >[0F0] 00 00 00 00 00 05 00 00 00 00 00 00 00 05 00 00 ........ ........ >[100] 00 49 00 50 00 43 00 24 00 00 00 00 00 31 00 00 .I.P.C.$ .....1.. >[110] 00 00 00 00 00 31 00 00 00 49 00 50 00 43 00 20 .....1.. .I.P.C. >[120] 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 .S.e.r.v .i.c.e. >[130] 00 28 00 53 00 61 00 6D 00 62 00 61 00 20 00 54 .(.S.a.m .b.a. .T >[140] 00 49 00 50 00 20 00 74 00 65 00 73 00 74 00 20 .I.P. .t .e.s.t. >[150] 00 73 00 65 00 72 00 76 00 65 00 72 00 3A 00 20 .s.e.r.v .e.r.:. >[160] 00 54 00 68 00 75 00 6E 00 64 00 65 00 72 00 42 .T.h.u.n .d.e.r.B >[170] 00 69 00 72 00 64 00 29 00 00 00 00 00 07 00 00 .i.r.d.) ........ >[180] 00 00 00 00 00 07 00 00 00 41 00 44 00 4D 00 49 ........ .A.D.M.I >[190] 00 4E 00 24 00 00 00 00 00 31 00 00 00 00 00 00 .N.$.... .1...... >[1A0] 00 31 00 00 00 49 00 50 00 43 00 20 00 53 00 65 .1...I.P .C. .S.e >[1B0] 00 72 00 76 00 69 00 63 00 65 00 20 00 28 00 53 .r.v.i.c .e. .(.S >[1C0] 00 61 00 6D 00 62 00 61 00 20 00 54 00 49 00 50 .a.m.b.a . .T.I.P >[1D0] 00 20 00 74 00 65 00 73 00 74 00 20 00 73 00 65 . .t.e.s .t. .s.e >[1E0] 00 72 00 76 00 65 00 72 00 3A 00 20 00 54 00 68 .r.v.e.r .:. .T.h >[1F0] 00 75 00 6E 00 64 00 65 00 72 00 42 00 69 00 72 .u.n.d.e .r.B.i.r >write_socket(16,592) >write_socket(16,592) wrote 592 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 34 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=0 >smt_wct=3 >smb_vwv[ 0]=30075 (0x757B) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 11222) >change_to_user: Skipping user change - already user >search for pipe pnum=757b >pipe name srvsvc pnum=757b (pipes_open=1) >reply_pipe_close: pnum:757b >close_policy_by_pipe: deleted handle list for pipe srvsvc >closed pipe name srvsvc pnum=757b (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=0 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 102 >got message type 0x0 of len 0x66 >Transaction 35 of length 106 >size=102 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=432 >smb_uid=101 >smb_mid=64 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 4096 (0x1000) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=19 >[000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s >[010] 00 00 00 ... >switch message SMBntcreateX (pid 11222) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \spoolss. >nt_open_pipe: Known pipe spoolss opening. >Open pipe requested spoolss (pipes_open=0) >Create pipe requested spoolss >init_pipe_handles: created handle list for pipe spoolss >init_pipe_handles: pipe_handles ref count = 1 for pipe spoolss >Created internal pipe spoolss (pipes_open=0) >Opened pipe spoolss with handle 757c (pipes_open=1) >open pipes: name spoolss pnum=757c >do_ntcreate_pipe_open: open pipe = \spoolss >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=432 >smb_uid=101 >smb_mid=64 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=31744 (0x7C00) >smb_vwv[ 3]= 373 (0x175) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 36 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=432 >smb_uid=101 >smb_mid=128 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30076 (0x757C) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ >[030] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.Í «ï..#Eg. >[040] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 «.....]. .ë.É..è. >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757c >pipe name spoolss pnum=757c (pipes_open=1) >Got API command 0x26 on pipe "spoolss" (pnum 757c)api_fd_reply: p:0x41e72db0 max_trans_reply: 1024 >write_to_pipe: 757c name: spoolss open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 849 >api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 12345678 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 89 ab > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 990 >check_bind_req for \PIPE\spoolss >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000e > 000a str: \PIPE\spoolss. > 000018 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 757c name: spoolss len: 1024 >read_from_pipe: spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=432 >smb_uid=101 >smb_mid=128 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE >[020] 5C 73 70 6F 6F 6C 73 73 00 01 00 00 00 00 00 00 \spoolss ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 286 >got message type 0x0 of len 0x11e >Transaction 37 of length 290 >size=286 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=432 >smb_uid=101 >smb_mid=192 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 202 (0xCA) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 202 (0xCA) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30076 (0x757C) >smb_bcc=219 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 CA 00 00 00 01 00 00 ........ .Ê...... >[020] 00 B2 00 00 00 00 00 45 00 B0 8E C9 00 0E 00 00 .².....E .°.É.... >[030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h >[040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r >[050] 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .d...... ........ >[060] 00 00 00 00 00 01 00 00 00 01 00 00 00 A0 F7 D5 ........ ..... ÷Õ >[070] 00 1C 00 00 00 78 78 C9 00 8C F5 D5 00 93 08 00 .....xxÉ ..õÕ.... >[080] 00 03 00 00 00 00 00 00 00 00 00 00 00 12 00 00 ........ ........ >[090] 00 00 00 00 00 12 00 00 00 5C 00 5C 00 4E 00 45 ........ .\.\.N.E >[0A0] 00 57 00 56 00 4D 00 2D 00 57 00 49 00 4E 00 32 .W.V.M.- .W.I.N.2 >[0B0] 00 4B 00 50 00 52 00 4F 00 31 00 00 00 09 00 00 .K.P.R.O .1...... >[0C0] 00 00 00 00 00 09 00 00 00 6E 00 6C 00 5F 00 75 ........ .n.l._.u >[0D0] 00 73 00 65 00 72 00 36 00 00 00 .s.e.r.6 ... >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=202 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757c >pipe name spoolss pnum=757c (pipes_open=1) >Got API command 0x26 on pipe "spoolss" (pnum 757c)api_fd_reply: p:0x41e72db0 max_trans_reply: 1024 >write_to_pipe: 757c name: spoolss open: Yes len: 202 >write_to_pipe: data_left = 202 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 202 >fill_rpc_header: data_to_copy = 202, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 186 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 186 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00ca > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 186 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 186, incoming data = 186 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 000000b2 > 0004 context_id: 0000 > 0006 opnum : 0045 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\spoolss >api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >api_rpc_cmds[1].fn == 0x80ffe80 >000000 spoolss_io_q_open_printer_ex > 0000 printername_ptr: 00c98eb0 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000e > 0008 offset : 00000000 > 000c uni_str_len: 0000000e > 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... > 00002c spoolss_io_printer_default > 002c datatype_ptr: 00000000 > 000030 smb_io_unistr2 - NULL datatype > 000030 spoolss_io_devmode_cont > 0030 size: 00000000 > 0034 devmode_ptr: 00000000 > 0038 access_required: 00000000 > 003c user_switch: 00000001 > 000040 spool_io_user_level > 0040 level: 00000001 > 0044 ptr: 00d5f7a0 > 000048 > 0048 size: 0000001c > 004c client_name_ptr: 00c97878 > 0050 user_name_ptr: 00d5f58c > 0054 build: 00000893 > 0058 major: 00000003 > 005c minor: 00000000 > 0060 processor: 00000000 > 000064 smb_io_unistr2 > 0064 uni_max_len: 00000012 > 0068 offset : 00000000 > 006c uni_str_len: 00000012 > 0070 buffer : \.\.N.E.W.V.M.-.W.I.N.2.K.P.R.O.1... > 000094 smb_io_unistr2 > 0094 uni_max_len: 00000009 > 0098 offset : 00000000 > 009c uni_str_len: 00000009 > 00a0 buffer : n.l._.u.s.e.r.6... >checking name: \\thunderbird >open_printer_hnd: name [\\thunderbird] >Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 AD 26 FE 3F ........ ....&þ? >[010] D6 2B 00 00 Ö+.. >Setting printer type=\\thunderbird >Printer is a print server >Setting printer name=\\thunderbird (len=13) >1 printer handles active >Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 AD 26 FE 3F ........ ....&þ? >[010] D6 2B 00 00 Ö+.. >Setting print server access = SERVER_ACCESS_ENUMERATE >000000 spoolss_io_r_open_printer_ex > 000000 smb_io_pol_hnd printer handle > 0000 data1: 00000000 > 0004 data2: 00000001 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: ad 26 fe 3f d6 2b 00 00 > 0014 status code: WERR_OK >api_rpcTNP: called spoolss successfully >free_pipe_context: destroying talloc pool of size 82 >write_to_pipe: data_used = 186 >read_from_pipe: 757c name: spoolss len: 1024 >read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=432 >smb_uid=101 >smb_mid=192 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ >[020] 00 00 00 00 00 AD 26 FE 3F D6 2B 00 00 00 00 00 .....&þ ?Ö+..... >[030] 00 . >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 128 >got message type 0x0 of len 0x80 >Transaction 38 of length 132 >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=432 >smb_uid=101 >smb_mid=256 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 44 (0x2C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 44 (0x2C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30076 (0x757C) >smb_bcc=61 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 02 00 00 ........ .,...... >[020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 01 00 00 ........ ........ >[030] 00 00 00 00 00 AD 26 FE 3F D6 2B 00 00 .....&þ ?Ö+.. >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=44 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757c >pipe name spoolss pnum=757c (pipes_open=1) >Got API command 0x26 on pipe "spoolss" (pnum 757c)api_fd_reply: p:0x41e72db0 max_trans_reply: 1024 >write_to_pipe: 757c name: spoolss open: Yes len: 44 >write_to_pipe: data_left = 44 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000002 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 001d >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\spoolss >api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >api_rpc_cmds[3].fn == 0x8100250 >000000 spoolss_io_q_closeprinter > 000000 smb_io_pol_hnd printer handle > 0000 data1: 00000000 > 0004 data2: 00000001 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: ad 26 fe 3f d6 2b 00 00 >Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 AD 26 FE 3F ........ ....&þ? >[010] D6 2B 00 00 Ö+.. >Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 AD 26 FE 3F ........ ....&þ? >[010] D6 2B 00 00 Ö+.. >Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 AD 26 FE 3F ........ ....&þ? >[010] D6 2B 00 00 Ö+.. >Closed policy >000000 spoolss_io_r_closeprinter > 000000 smb_io_pol_hnd printer handle > 0000 data1: 00000000 > 0004 data2: 00000000 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 00 00 00 00 00 00 00 00 > 0014 status: WERR_OK >api_rpcTNP: called spoolss successfully >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 28 >read_from_pipe: 757c name: spoolss len: 1024 >read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=432 >smb_uid=101 >smb_mid=256 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[030] 00 . >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 39 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=320 >smt_wct=3 >smb_vwv[ 0]=30076 (0x757C) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 11222) >change_to_user: Skipping user change - already user >search for pipe pnum=757c >pipe name spoolss pnum=757c (pipes_open=1) >reply_pipe_close: pnum:757c >close_policy_by_pipe: deleted handle list for pipe spoolss >closed pipe name spoolss pnum=757c (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=320 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 40 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=384 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[000] E2 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 â\.w.k.s .s.v.c.. >[010] 00 . >switch message SMBntcreateX (pid 11222) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \wkssvc. >nt_open_pipe: Known pipe wkssvc opening. >Open pipe requested wkssvc (pipes_open=0) >Create pipe requested wkssvc >init_pipe_handles: created handle list for pipe wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc >Created internal pipe wkssvc (pipes_open=0) >Opened pipe wkssvc with handle 757d (pipes_open=1) >open pipes: name wkssvc pnum=757d >do_ntcreate_pipe_open: open pipe = \wkssvc >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=384 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=32000 (0x7D00) >smb_vwv[ 3]= 373 (0x175) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 41 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=448 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30077 (0x757D) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ >[030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ..Ðÿk.¡. 6.3FÃø~4 >[040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. .ë.É..è. >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757d >pipe name wkssvc pnum=757d (pipes_open=1) >Got API command 0x26 on pipe "wkssvc" (pnum 757d)api_fd_reply: p:0x4222e9c4 max_trans_reply: 1024 >write_to_pipe: 757d name: wkssvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 849 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 990 >check_bind_req for \PIPE\wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\ntsvcs. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 757d name: wkssvc len: 1024 >read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=448 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE >[020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 42 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=512 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30077 (0x757D) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 30 00 00 00 00 00 00 00 44 F6 CC 03 0E 00 00 .0...... .DöÌ.... >[030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h >[040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r >[050] 00 64 00 00 00 64 00 00 00 .d...d.. . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757d >pipe name wkssvc pnum=757d (pipes_open=1) >Got API command 0x26 on pipe "wkssvc" (pnum 757d)api_fd_reply: p:0x4222e9c4 max_trans_reply: 1024 >write_to_pipe: 757d name: wkssvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000030 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\wkssvc >api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKS_Q_QUERY_INFO >api_rpc_cmds[0].fn == 0x80f5d70 >000000 wks_io_q_query_info > 0000 ptr_srv_name: 03ccf644 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000e > 0008 offset : 00000000 > 000c uni_str_len: 0000000e > 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... > 002c switch_value: 0064 >_wks_query_info: 66 >create_wks_info_100: 40 >Init WKS_INFO_100: 79 >init_wks_r_unknown_0: 139 >_wks_query_info: 76 >000000 wks_io_r_query_info > 0000 switch_value: 0064 > 0004 ptr_1 : 00000001 > 000008 wks_io_wks_info_100 inf > 0008 platform_id : 000001f4 > 000c ptr_compname: 00000001 > 0010 ptr_lan_grp : 00000001 > 0014 ver_major : 00000004 > 0018 ver_minor : 00000009 > 00001c smb_io_unistr2 > 001c uni_max_len: 0000000c > 0020 offset : 00000000 > 0024 uni_str_len: 0000000c > 0028 buffer : T.H.U.N.D.E.R.B.I.R.D... > 000040 smb_io_unistr2 > 0040 uni_max_len: 0000000d > 0044 offset : 00000000 > 0048 uni_str_len: 0000000d > 004c buffer : N.O.R.T.H.A.M.E.R.I.C.A... > 0068 status : NT_STATUS_OK >api_rpcTNP: called wkssvc successfully >free_pipe_context: destroying talloc pool of size 1104 >write_to_pipe: data_used = 56 >read_from_pipe: 757d name: wkssvc len: 1024 >read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 108. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0084 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000006c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..132] >size=188 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=512 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 132 (0x84) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 132 (0x84) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=133 >[000] 00 05 00 02 03 10 00 00 00 84 00 00 00 01 00 00 ........ ........ >[010] 00 6C 00 00 00 00 00 00 00 64 00 00 00 01 00 00 .l...... .d...... >[020] 00 F4 01 00 00 01 00 00 00 01 00 00 00 04 00 00 .ô...... ........ >[030] 00 09 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ >[040] 00 54 00 48 00 55 00 4E 00 44 00 45 00 52 00 42 .T.H.U.N .D.E.R.B >[050] 00 49 00 52 00 44 00 00 00 0D 00 00 00 00 00 00 .I.R.D.. ........ >[060] 00 0D 00 00 00 4E 00 4F 00 52 00 54 00 48 00 41 .....N.O .R.T.H.A >[070] 00 4D 00 45 00 52 00 49 00 43 00 41 00 00 00 00 .M.E.R.I .C.A.... >[080] 00 00 00 00 00 ..... >write_socket(16,192) >write_socket(16,192) wrote 192 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 43 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=576 >smt_wct=3 >smb_vwv[ 0]=30077 (0x757D) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 11222) >change_to_user: Skipping user change - already user >search for pipe pnum=757d >pipe name wkssvc pnum=757d (pipes_open=1) >reply_pipe_close: pnum:757d >close_policy_by_pipe: deleted handle list for pipe wkssvc >closed pipe name wkssvc pnum=757d (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=576 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 44 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=640 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[010] 00 . >switch message SMBntcreateX (pid 11222) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \srvsvc. >nt_open_pipe: Known pipe srvsvc opening. >Open pipe requested srvsvc (pipes_open=0) >Create pipe requested srvsvc >init_pipe_handles: created handle list for pipe srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc >Created internal pipe srvsvc (pipes_open=0) >Opened pipe srvsvc with handle 757e (pipes_open=1) >open pipes: name srvsvc pnum=757e >do_ntcreate_pipe_open: open pipe = \srvsvc >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=640 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=32256 (0x7E00) >smb_vwv[ 3]= 373 (0x175) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 45 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=704 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30078 (0x757E) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ >[030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná >[040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757e >pipe name srvsvc pnum=757e (pipes_open=1) >Got API command 0x26 on pipe "srvsvc" (pnum 757e)api_fd_reply: p:0x41ef2078 max_trans_reply: 1024 >write_to_pipe: 757e name: srvsvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 849 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 990 >check_bind_req for \PIPE\srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\ntsvcs. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 757e name: srvsvc len: 1024 >read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=704 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE >[020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 46 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=768 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30078 (0x757E) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 30 00 00 00 00 00 15 00 44 F6 CC 03 0E 00 00 .0...... .DöÌ.... >[030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h >[040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r >[050] 00 64 00 00 00 65 00 00 00 .d...e.. . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757e >pipe name srvsvc pnum=757e (pipes_open=1) >Got API command 0x26 on pipe "srvsvc" (pnum 757e)api_fd_reply: p:0x41ef2078 max_trans_reply: 1024 >write_to_pipe: 757e name: srvsvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000030 > 0004 context_id: 0000 > 0006 opnum : 0015 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\srvsvc >api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO >api_rpc_cmds[10].fn == 0x80f9ee0 >000000 srv_io_q_net_srv_get_info > 0000 ptr_srv_name : 03ccf644 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000e > 0008 offset : 00000000 > 000c uni_str_len: 0000000e > 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... > 002c switch_value : 00000065 >srv_net_srv_get_info: 1199 >init_srv_info_101 >init_srv_r_net_srv_get_info >srv_net_srv_get_info: 1244 >000000 srv_io_r_net_srv_get_info > 000000 srv_io_info_ctr ctr > 0000 switch_value: 00000065 > 0004 ptr_srv_ctr : 00000001 > 000008 srv_io_info_101 sv101 > 0008 platform_id : 000001f4 > 000c ptr_name : 00000001 > 0010 ver_major : 00000004 > 0014 ver_minor : 00000009 > 0018 srv_type : 00009903 > 001c ptr_comment : 00000001 > 000020 smb_io_unistr2 uni_name > 0020 uni_max_len: 0000000c > 0024 offset : 00000000 > 0028 uni_str_len: 0000000c > 002c buffer : T.H.U.N.D.E.R.B.I.R.D... > 000044 smb_io_unistr2 uni_comment > 0044 uni_max_len: 00000023 > 0048 offset : 00000000 > 004c uni_str_len: 00000023 > 0050 buffer : S.a.m.b.a. .T.I.P. .t.e.s.t. .s.e.r.v.e.r.:. .T.h.u.n.d.e.r.B.i.r.d... > 0098 status: WERR_OK >api_rpcTNP: called srvsvc successfully >free_pipe_context: destroying talloc pool of size 1160 >write_to_pipe: data_used = 56 >read_from_pipe: 757e name: srvsvc len: 1024 >read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 156. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00b4 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000009c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..180] >size=236 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=768 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 180 (0xB4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 180 (0xB4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=181 >[000] 00 05 00 02 03 10 00 00 00 B4 00 00 00 01 00 00 ........ .´...... >[010] 00 9C 00 00 00 00 00 00 00 65 00 00 00 01 00 00 ........ .e...... >[020] 00 F4 01 00 00 01 00 00 00 04 00 00 00 09 00 00 .ô...... ........ >[030] 00 03 99 00 00 01 00 00 00 0C 00 00 00 00 00 00 ........ ........ >[040] 00 0C 00 00 00 54 00 48 00 55 00 4E 00 44 00 45 .....T.H .U.N.D.E >[050] 00 52 00 42 00 49 00 52 00 44 00 00 00 23 00 00 .R.B.I.R .D...#.. >[060] 00 00 00 00 00 23 00 00 00 53 00 61 00 6D 00 62 .....#.. .S.a.m.b >[070] 00 61 00 20 00 54 00 49 00 50 00 20 00 74 00 65 .a. .T.I .P. .t.e >[080] 00 73 00 74 00 20 00 73 00 65 00 72 00 76 00 65 .s.t. .s .e.r.v.e >[090] 00 72 00 3A 00 20 00 54 00 68 00 75 00 6E 00 64 .r.:. .T .h.u.n.d >[0A0] 00 65 00 72 00 42 00 69 00 72 00 64 00 00 00 00 .e.r.B.i .r.d.... >[0B0] 00 00 00 00 00 ..... >write_socket(16,240) >write_socket(16,240) wrote 240 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 47 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=832 >smt_wct=3 >smb_vwv[ 0]=30078 (0x757E) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 11222) >change_to_user: Skipping user change - already user >search for pipe pnum=757e >pipe name srvsvc pnum=757e (pipes_open=1) >reply_pipe_close: pnum:757e >close_policy_by_pipe: deleted handle list for pipe srvsvc >closed pipe name srvsvc pnum=757e (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=832 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 48 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=896 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 256 (0x100) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. >[010] 00 . >switch message SMBntcreateX (pid 11222) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \wkssvc. >nt_open_pipe: Known pipe wkssvc opening. >Open pipe requested wkssvc (pipes_open=0) >Create pipe requested wkssvc >init_pipe_handles: created handle list for pipe wkssvc >init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc >Created internal pipe wkssvc (pipes_open=0) >Opened pipe wkssvc with handle 757f (pipes_open=1) >open pipes: name wkssvc pnum=757f >do_ntcreate_pipe_open: open pipe = \wkssvc >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=896 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=32512 (0x7F00) >smb_vwv[ 3]= 373 (0x175) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 49 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=960 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30079 (0x757F) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ >[030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ..Ðÿk.¡. 6.3FÃø~4 >[040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. .ë.É..è. >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757f >pipe name wkssvc pnum=757f (pipes_open=1) >Got API command 0x26 on pipe "wkssvc" (pnum 757f)api_fd_reply: p:0x41f06090 max_trans_reply: 1024 >write_to_pipe: 757f name: wkssvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 849 >api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 6bffd098 > 0014 data : a112 > 0016 data : 3610 > 0018 data : 98 33 > 001a data : 46 c3 f8 7e 34 5a > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 990 >check_bind_req for \PIPE\wkssvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\ntsvcs. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 757f name: wkssvc len: 1024 >read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=960 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE >[020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 50 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1024 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30079 (0x757F) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 30 00 00 00 00 00 00 00 44 F6 CC 03 0E 00 00 .0...... .DöÌ.... >[030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h >[040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r >[050] 00 64 00 00 00 64 00 00 00 .d...d.. . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=757f >pipe name wkssvc pnum=757f (pipes_open=1) >Got API command 0x26 on pipe "wkssvc" (pnum 757f)api_fd_reply: p:0x41f06090 max_trans_reply: 1024 >write_to_pipe: 757f name: wkssvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000030 > 0004 context_id: 0000 > 0006 opnum : 0000 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\wkssvc >api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKS_Q_QUERY_INFO >api_rpc_cmds[0].fn == 0x80f5d70 >000000 wks_io_q_query_info > 0000 ptr_srv_name: 03ccf644 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000e > 0008 offset : 00000000 > 000c uni_str_len: 0000000e > 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... > 002c switch_value: 0064 >_wks_query_info: 66 >create_wks_info_100: 40 >Init WKS_INFO_100: 79 >init_wks_r_unknown_0: 139 >_wks_query_info: 76 >000000 wks_io_r_query_info > 0000 switch_value: 0064 > 0004 ptr_1 : 00000001 > 000008 wks_io_wks_info_100 inf > 0008 platform_id : 000001f4 > 000c ptr_compname: 00000001 > 0010 ptr_lan_grp : 00000001 > 0014 ver_major : 00000004 > 0018 ver_minor : 00000009 > 00001c smb_io_unistr2 > 001c uni_max_len: 0000000c > 0020 offset : 00000000 > 0024 uni_str_len: 0000000c > 0028 buffer : T.H.U.N.D.E.R.B.I.R.D... > 000040 smb_io_unistr2 > 0040 uni_max_len: 0000000d > 0044 offset : 00000000 > 0048 uni_str_len: 0000000d > 004c buffer : N.O.R.T.H.A.M.E.R.I.C.A... > 0068 status : NT_STATUS_OK >api_rpcTNP: called wkssvc successfully >free_pipe_context: destroying talloc pool of size 1104 >write_to_pipe: data_used = 56 >read_from_pipe: 757f name: wkssvc len: 1024 >read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 108. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0084 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000006c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..132] >size=188 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1024 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 132 (0x84) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 132 (0x84) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=133 >[000] 00 05 00 02 03 10 00 00 00 84 00 00 00 01 00 00 ........ ........ >[010] 00 6C 00 00 00 00 00 00 00 64 00 00 00 01 00 00 .l...... .d...... >[020] 00 F4 01 00 00 01 00 00 00 01 00 00 00 04 00 00 .ô...... ........ >[030] 00 09 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ >[040] 00 54 00 48 00 55 00 4E 00 44 00 45 00 52 00 42 .T.H.U.N .D.E.R.B >[050] 00 49 00 52 00 44 00 00 00 0D 00 00 00 00 00 00 .I.R.D.. ........ >[060] 00 0D 00 00 00 4E 00 4F 00 52 00 54 00 48 00 41 .....N.O .R.T.H.A >[070] 00 4D 00 45 00 52 00 49 00 43 00 41 00 00 00 00 .M.E.R.I .C.A.... >[080] 00 00 00 00 00 ..... >write_socket(16,192) >write_socket(16,192) wrote 192 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 51 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=1088 >smt_wct=3 >smb_vwv[ 0]=30079 (0x757F) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 11222) >change_to_user: Skipping user change - already user >search for pipe pnum=757f >pipe name wkssvc pnum=757f (pipes_open=1) >reply_pipe_close: pnum:757f >close_policy_by_pipe: deleted handle list for pipe wkssvc >closed pipe name wkssvc pnum=757f (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=1088 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 52 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1152 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[010] 00 . >switch message SMBntcreateX (pid 11222) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \srvsvc. >nt_open_pipe: Known pipe srvsvc opening. >Open pipe requested srvsvc (pipes_open=0) >Create pipe requested srvsvc >init_pipe_handles: created handle list for pipe srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc >Created internal pipe srvsvc (pipes_open=0) >Opened pipe srvsvc with handle 7580 (pipes_open=1) >open pipes: name srvsvc pnum=7580 >do_ntcreate_pipe_open: open pipe = \srvsvc >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1152 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=32768 (0x8000) >smb_vwv[ 3]= 373 (0x175) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 53 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1216 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30080 (0x7580) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ >[030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná >[040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=7580 >pipe name srvsvc pnum=7580 (pipes_open=1) >Got API command 0x26 on pipe "srvsvc" (pnum 7580)api_fd_reply: p:0x41b2dfd4 max_trans_reply: 1024 >write_to_pipe: 7580 name: srvsvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 849 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 990 >check_bind_req for \PIPE\srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\ntsvcs. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 7580 name: srvsvc len: 1024 >read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1216 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE >[020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 54 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1280 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30080 (0x7580) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 30 00 00 00 00 00 15 00 44 F6 CC 03 0E 00 00 .0...... .DöÌ.... >[030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h >[040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r >[050] 00 64 00 00 00 65 00 00 00 .d...e.. . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=7580 >pipe name srvsvc pnum=7580 (pipes_open=1) >Got API command 0x26 on pipe "srvsvc" (pnum 7580)api_fd_reply: p:0x41b2dfd4 max_trans_reply: 1024 >write_to_pipe: 7580 name: srvsvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000030 > 0004 context_id: 0000 > 0006 opnum : 0015 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\srvsvc >api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO >api_rpc_cmds[10].fn == 0x80f9ee0 >000000 srv_io_q_net_srv_get_info > 0000 ptr_srv_name : 03ccf644 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000e > 0008 offset : 00000000 > 000c uni_str_len: 0000000e > 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... > 002c switch_value : 00000065 >srv_net_srv_get_info: 1199 >init_srv_info_101 >init_srv_r_net_srv_get_info >srv_net_srv_get_info: 1244 >000000 srv_io_r_net_srv_get_info > 000000 srv_io_info_ctr ctr > 0000 switch_value: 00000065 > 0004 ptr_srv_ctr : 00000001 > 000008 srv_io_info_101 sv101 > 0008 platform_id : 000001f4 > 000c ptr_name : 00000001 > 0010 ver_major : 00000004 > 0014 ver_minor : 00000009 > 0018 srv_type : 00009903 > 001c ptr_comment : 00000001 > 000020 smb_io_unistr2 uni_name > 0020 uni_max_len: 0000000c > 0024 offset : 00000000 > 0028 uni_str_len: 0000000c > 002c buffer : T.H.U.N.D.E.R.B.I.R.D... > 000044 smb_io_unistr2 uni_comment > 0044 uni_max_len: 00000023 > 0048 offset : 00000000 > 004c uni_str_len: 00000023 > 0050 buffer : S.a.m.b.a. .T.I.P. .t.e.s.t. .s.e.r.v.e.r.:. .T.h.u.n.d.e.r.B.i.r.d... > 0098 status: WERR_OK >api_rpcTNP: called srvsvc successfully >free_pipe_context: destroying talloc pool of size 1160 >write_to_pipe: data_used = 56 >read_from_pipe: 7580 name: srvsvc len: 1024 >read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 156. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00b4 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000009c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..180] >size=236 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1280 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 180 (0xB4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 180 (0xB4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=181 >[000] 00 05 00 02 03 10 00 00 00 B4 00 00 00 01 00 00 ........ .´...... >[010] 00 9C 00 00 00 00 00 00 00 65 00 00 00 01 00 00 ........ .e...... >[020] 00 F4 01 00 00 01 00 00 00 04 00 00 00 09 00 00 .ô...... ........ >[030] 00 03 99 00 00 01 00 00 00 0C 00 00 00 00 00 00 ........ ........ >[040] 00 0C 00 00 00 54 00 48 00 55 00 4E 00 44 00 45 .....T.H .U.N.D.E >[050] 00 52 00 42 00 49 00 52 00 44 00 00 00 23 00 00 .R.B.I.R .D...#.. >[060] 00 00 00 00 00 23 00 00 00 53 00 61 00 6D 00 62 .....#.. .S.a.m.b >[070] 00 61 00 20 00 54 00 49 00 50 00 20 00 74 00 65 .a. .T.I .P. .t.e >[080] 00 73 00 74 00 20 00 73 00 65 00 72 00 76 00 65 .s.t. .s .e.r.v.e >[090] 00 72 00 3A 00 20 00 54 00 68 00 75 00 6E 00 64 .r.:. .T .h.u.n.d >[0A0] 00 65 00 72 00 42 00 69 00 72 00 64 00 00 00 00 .e.r.B.i .r.d.... >[0B0] 00 00 00 00 00 ..... >write_socket(16,240) >write_socket(16,240) wrote 240 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 55 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=1344 >smt_wct=3 >smb_vwv[ 0]=30080 (0x7580) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 11222) >change_to_user: Skipping user change - already user >search for pipe pnum=7580 >pipe name srvsvc pnum=7580 (pipes_open=1) >reply_pipe_close: pnum:7580 >close_policy_by_pipe: deleted handle list for pipe srvsvc >closed pipe name srvsvc pnum=7580 (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=1344 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 56 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1408 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 768 (0x300) >smb_bcc=17 >[000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. >[010] 00 . >switch message SMBntcreateX (pid 11222) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \winreg. >nt_open_pipe: Known pipe winreg opening. >Open pipe requested winreg (pipes_open=0) >Create pipe requested winreg >init_pipe_handles: created handle list for pipe winreg >init_pipe_handles: pipe_handles ref count = 1 for pipe winreg >Created internal pipe winreg (pipes_open=0) >Opened pipe winreg with handle 7581 (pipes_open=1) >open pipes: name winreg pnum=7581 >do_ntcreate_pipe_open: open pipe = \winreg >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1408 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=33024 (0x8100) >smb_vwv[ 3]= 373 (0x175) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 57 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1472 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30081 (0x7581) >smb_bcc=89 >[000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ >[030] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ..Ð.3D"ñ 1ªª..8.. >[040] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=7581 >pipe name winreg pnum=7581 (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 7581)api_fd_reply: p:0x41f47f74 max_trans_reply: 1024 >write_to_pipe: 7581 name: winreg open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 849 >api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 338cd001 > 0014 data : 2244 > 0016 data : 31f1 > 0018 data : aa aa > 001a data : 90 00 38 00 10 03 > 0020 version: 00000001 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 990 >check_bind_req for \PIPE\winreg >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\winreg. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 7581 name: winreg len: 1024 >read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1472 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE >[020] 5C 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 \winreg. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 120 >got message type 0x0 of len 0x78 >Transaction 58 of length 124 >size=120 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1536 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 36 (0x24) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30081 (0x7581) >smb_bcc=53 >[000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... >[020] 00 0C 00 00 00 00 00 02 00 D8 F9 CC 03 E8 DC 00 ........ .ØùÌ.èÜ. >[030] 00 00 00 00 02 ..... >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=36 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=7581 >pipe name winreg pnum=7581 (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 7581)api_fd_reply: p:0x41f47f74 max_trans_reply: 1024 >write_to_pipe: 7581 name: winreg open: Yes len: 36 >write_to_pipe: data_left = 36 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 >fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 20 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 20 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 20, incoming data = 20 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000000c > 0004 context_id: 0000 > 0006 opnum : 0002 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\winreg >api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >api_rpc_cmds[3].fn == 0x80f3b50 >000000 reg_io_q_open_hklm > 0000 ptr : 03ccf9d8 > 0004 unknown_0: dce8 > 0006 unknown_1: 0000 > 0008 access_mask: 02000000 >open_registry_key: name = [NULL][HKLM] >reghook_cache_find: Searching for keyname [/HKLM] >sorted_tree_find: Enter [/HKLM] >sorted_tree_find: Exit >regdb_fetch_reg_keys: Enter key => [HKLM] >regdb_fetch_reg_keys: Exit [1] items >Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 AF 26 FE 3F ........ ....¯&þ? >[010] D6 2B 00 00 Ö+.. >open_registry_key: exit >000000 reg_io_r_open_hklm > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000002 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: af 26 fe 3f d6 2b 00 00 > 0014 status: NT_STATUS_OK >api_rpcTNP: called winreg successfully >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 20 >read_from_pipe: 7581 name: winreg len: 1024 >read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1536 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ >[020] 00 00 00 00 00 AF 26 FE 3F D6 2B 00 00 00 00 00 .....¯&þ ?Ö+..... >[030] 00 . >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 228 >got message type 0x0 of len 0xe4 >Transaction 59 of length 232 >size=228 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1600 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 144 (0x90) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 144 (0x90) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30081 (0x7581) >smb_bcc=161 >[000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 90 00 00 00 02 00 00 ........ ........ >[020] 00 78 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 .x...... ........ >[030] 00 00 00 00 00 AF 26 FE 3F D6 2B 00 00 46 00 46 .....¯&þ ?Ö+..F.F >[040] 00 EC 1B C2 6A 23 00 00 00 00 00 00 00 23 00 00 .ì.Âj#.. .....#.. >[050] 00 53 00 4F 00 46 00 54 00 57 00 41 00 52 00 45 .S.O.F.T .W.A.R.E >[060] 00 5C 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F .\.M.i.c .r.o.s.o >[070] 00 66 00 74 00 5C 00 53 00 63 00 68 00 65 00 64 .f.t.\.S .c.h.e.d >[080] 00 75 00 6C 00 69 00 6E 00 67 00 41 00 67 00 65 .u.l.i.n .g.A.g.e >[090] 00 6E 00 74 00 00 00 00 00 00 00 00 00 3F 00 0F .n.t.... .....?.. >[0A0] 00 . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=144 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=7581 >pipe name winreg pnum=7581 (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 7581)api_fd_reply: p:0x41f47f74 max_trans_reply: 1024 >write_to_pipe: 7581 name: winreg open: Yes len: 144 >write_to_pipe: data_left = 144 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 144 >fill_rpc_header: data_to_copy = 144, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 128 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 128 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0090 > 000a auth_len : 0000 > 000c call_id : 00000002 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 128 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 128, incoming data = 128 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000078 > 0004 context_id: 0000 > 0006 opnum : 000f >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\winreg >api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >api_rpc_cmds[1].fn == 0x80f3d30 >000000 reg_io_q_entry > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000002 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: af 26 fe 3f d6 2b 00 00 > 000014 smb_io_unihdr > 0014 uni_str_len: 0046 > 0016 uni_max_len: 0046 > 0018 buffer : 6ac21bec > 00001c smb_io_unistr2 > 001c uni_max_len: 00000023 > 0020 offset : 00000000 > 0024 uni_str_len: 00000023 > 0028 buffer : S.O.F.T.W.A.R.E.\.M.i.c.r.o.s.o.f.t.\.S.c.h.e.d.u.l.i.n.g.A.g.e.n.t... > 0070 unknown_0 : 00000000 > 0074 access_desired : 000f003f >Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 AF 26 FE 3F ........ ....¯&þ? >[010] D6 2B 00 00 Ö+.. >reg_open_entry: Enter >open_registry_key: name = [HKLM][SOFTWARE\Microsoft\SchedulingAgent] >reghook_cache_find: Searching for keyname [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] >sorted_tree_find: Enter [/HKLM/SOFTWARE/Microsoft/SchedulingAgent] >sorted_tree_find: Exit >regdb_fetch_reg_keys: Enter key => [HKLM\SOFTWARE\Microsoft\SchedulingAgent] >regdb_fetch_reg_keys: tdb lookup failed to locate key [HKLM\SOFTWARE\Microsoft\SchedulingAgent] >open_registry_key: exit >reg_open_entry: Exit >000000 reg_io_r_open_entry > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000000 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 00 00 00 00 00 00 00 00 > 0014 status: NT_STATUS_NO_SUCH_FILE >api_rpcTNP: called winreg successfully >free_pipe_context: destroying talloc pool of size 70 >write_to_pipe: data_used = 128 >read_from_pipe: 7581 name: winreg len: 1024 >read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1600 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[020] 00 00 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 ........ ........ >[030] C0 À >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 128 >got message type 0x0 of len 0x80 >Transaction 60 of length 132 >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1664 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 44 (0x2C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 44 (0x2C) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30081 (0x7581) >smb_bcc=61 >[000] 05 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 12 .\.P.I.P .E.\.... >[010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... >[020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ >[030] 00 00 00 00 00 AF 26 FE 3F D6 2B 00 00 .....¯&þ ?Ö+.. >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=44 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=7581 >pipe name winreg pnum=7581 (pipes_open=1) >Got API command 0x26 on pipe "winreg" (pnum 7581)api_fd_reply: p:0x41f47f74 max_trans_reply: 1024 >write_to_pipe: 7581 name: winreg open: Yes len: 44 >write_to_pipe: data_left = 44 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000003 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 28 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0005 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\winreg >api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >api_rpc_cmds[0].fn == 0x80f3aa0 >000000 reg_io_q_close > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000002 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: af 26 fe 3f d6 2b 00 00 >Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 AF 26 FE 3F ........ ....¯&þ? >[010] D6 2B 00 00 Ö+.. >Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 AF 26 FE 3F ........ ....¯&þ? >[010] D6 2B 00 00 Ö+.. >Closed policy >000000 reg_io_r_close > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000000 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 00 00 00 00 00 00 00 00 > 0014 status: NT_STATUS_OK >api_rpcTNP: called winreg successfully >free_pipe_context: destroying talloc pool of size 0 >write_to_pipe: data_used = 28 >read_from_pipe: 7581 name: winreg len: 1024 >read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..48] >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1664 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[030] 00 . >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 61 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=1728 >smt_wct=3 >smb_vwv[ 0]=30081 (0x7581) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 11222) >change_to_user: Skipping user change - already user >search for pipe pnum=7581 >pipe name winreg pnum=7581 (pipes_open=1) >reply_pipe_close: pnum:7581 >close_policy_by_pipe: deleted handle list for pipe winreg >closed pipe name winreg pnum=7581 (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=1728 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 214 >got message type 0x0 of len 0xd6 >Transaction 62 of length 218 >size=214 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=1792 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 214 (0xD6) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 1 (0x1) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 83 (0x53) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=155 >[000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... .. G0E . >[010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7...¢3 >[020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 B2 .1NTLMSS P......² >[030] 08 E0 02 00 02 00 2F 00 00 00 0F 00 0F 00 20 00 .à..../. ...... . >[040] 00 00 4E 45 57 56 4D 2D 57 49 4E 32 4B 50 52 4F ..NEWVM- WIN2KPRO >[050] 31 4E 4C 57 00 69 00 6E 00 64 00 6F 00 77 00 73 1NLW.i.n .d.o.w.s >[060] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 >[070] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o >[080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. >[090] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... >switch message SMBsesssetupX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got OID 1 3 6 1 4 1 311 2 2 10 >Got secblob of size 49 >Making default auth method list for security=ADS >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match winbind:ntdomain >load_auth_module: Attempting to find an auth method to match ntdomain >load_auth_module: auth method ntdomain has a valid init >load_auth_module: auth method winbind has a valid init >Got NTLMSSP neg_flags=0xe008b297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED > NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: module winbind did not want to specify a challenge >auth_context challenge created by random >challenge is: >[000] 1A 49 AD BB 57 A1 D2 92 .I»W¡Ò. >write_socket(16,318) >write_socket(16,318) wrote 318 >got smb length of 250 >got message type 0x0 of len 0xfa >Transaction 63 of length 254 >size=250 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=1856 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 250 (0xFA) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 1 (0x1) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 119 (0x77) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=191 >[000] A1 75 30 73 A2 71 04 6F 4E 54 4C 4D 53 53 50 00 ¡u0s¢q.o NTLMSSP. >[010] 03 00 00 00 01 00 01 00 5E 00 00 00 00 00 00 00 ........ ^....... >[020] 5F 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 _....... @....... >[030] 40 00 00 00 1E 00 1E 00 40 00 00 00 10 00 10 00 @....... @....... >[040] 5F 00 00 00 15 8A 88 60 4E 00 45 00 57 00 56 00 _......` N.E.W.V. >[050] 4D 00 2D 00 57 00 49 00 4E 00 32 00 4B 00 50 00 M.-.W.I. N.2.K.P. >[060] 52 00 4F 00 31 00 00 3F 99 E9 6C 8F A6 62 E2 99 R.O.1..? .él.¦bâ. >[070] 5A 48 8E 55 36 73 3E 57 00 69 00 6E 00 64 00 6F ZH.U6s>W .i.n.d.o >[080] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. >[090] 00 32 00 31 00 39 00 35 00 00 00 57 00 69 00 6E .2.1.9.5 ...W.i.n >[0A0] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 >[0B0] 00 30 00 20 00 35 00 2E 00 30 00 00 00 00 00 .0. .5.. .0..... >switch message SMBsesssetupX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got user=[] domain=[] workstation=[NEWVM-WIN2KPRO1] len1=1 len2=0 >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >make_user_info_map: Mapping user []\[] from workstation [NEWVM-WIN2KPRO1] >Returning valid cache entry: key = TDOM/NORTHAMERICA, value = S-1-5-21-2700928644-3666989044-3468193467, timeout = Thu Jan 8 19:58:24 2004 > >trusted domain NORTHAMERICA found (S-1-5-21-2700928644-3666989044-3468193467) >attempting to make a user_info for () >making strings for 's user_info struct >making blobs for 's user_info struct >made an encrypted user_info for () >check_ntlm_password: Checking password for unmapped user []\[]@[NEWVM-WIN2KPRO1] with the new password interface >check_ntlm_password: mapped user is: [NORTHAMERICA]\[]@[NEWVM-WIN2KPRO1] >check_ntlm_password: auth_context challenge created by random >challenge is: >[000] 1A 49 AD BB 57 A1 D2 92 .I»W¡Ò. >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >smbpasswd_getsampwrid: search by sid: S-1-5-21-1230831274-1854532264-3937569523-501 >getsampwnam (smbpasswd): search by name: guest >startsmbfilepwent_internal: opening file /usr/local/samba/private/smbpasswd >getsmbfilepwent: end of file reached. >endsmbfilepwent_internal: closed password file. >pdb_set_username: setting username guest, was >element 11 -> now SET >pdb_set_full_name: setting full name guest, was >element 12 -> now SET >pdb_set_domain: setting domain THUNDERBIRD, was >pdb_set_user_sid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-501 >element 17 -> now SET >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1230831274-1854532264-3937569523-501 from rid 501 >pdb_set_group_sid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-514 >pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-1230831274-1854532264-3937569523-514 from rid 514 >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >sys_getgrouplist: user [guest] >sys_getgrouplist(): disabled winbindd for group lookup [user == guest] >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >UNIX token of user 31305 >Primary group is 31305 and contains 2 supplementary groups >Group[ 0]: 31305 >Group[ 1]: 31305 >gid_to_sid: winbindd 31305 -> S-1-5-21-1659004503-1957994488-839522115-1509 >fetch sid from gid cache 31305 -> S-1-5-21-1659004503-1957994488-839522115-1509 >NT user token of user S-1-5-21-1230831274-1854532264-3937569523-501 >contains 6 SIDs >SID[ 0]: S-1-5-21-1230831274-1854532264-3937569523-501 >SID[ 1]: S-1-5-21-1230831274-1854532264-3937569523-514 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-32-546 >SID[ 5]: S-1-5-21-1659004503-1957994488-839522115-1509 >make_server_info_sam: made server info for user guest -> guest >check_ntlm_password: guest authentication for user [] succeeded >check_ntlm_password: guest authentication for user [] -> [] -> [guest] succeeded >attempting to free (and zero) a user_info structure >structure was created for >Got NT session key of length 16 >Got LM session key of length 16 >ntlmssp_server_auth: Using unmodified nt session key. >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >register_vuid: allocated vuid = 102 >register_vuid: (31305,31305) guest THUNDERBIRD guest=1 >User name: guest Real name: guest >UNIX uid 31305 is UNIX user guest, and will be vuid 102 >write_socket(16,136) >write_socket(16,136) wrote 136 >got smb length of 88 >got message type 0x0 of len 0x58 >Transaction 64 of length 92 >size=88 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=102 >smb_mid=1920 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=45 >[000] 00 5C 00 5C 00 54 00 48 00 55 00 4E 00 44 00 45 .\.\.T.H .U.N.D.E >[010] 00 52 00 42 00 49 00 52 00 44 00 5C 00 49 00 50 .R.B.I.R .D.\.I.P >[020] 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .C.$...? ????. >switch message SMBtconX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [IPC$] >making a connection to 'normal' service ipc$ >Finding user guest >Trying _Get_Pwnam(), username as lowercase is guest >Get_Pwnam_internals did find user [guest]! >Connect path is '/tmp' for service [IPC$] >get_share_security: using default secdesc for IPC$ >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1230831274-1854532264-3937569523-501. >se_access_check: user sid is S-1-5-21-1230831274-1854532264-3937569523-501 >se_access_check: also S-1-5-21-1230831274-1854532264-3937569523-514 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-32-546 >se_access_check: also S-1-5-21-1659004503-1957994488-839522115-1509 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >Initialising default vfs hooks >claiming IPC$ 0 >get_share_security: using default secdesc for IPC$ >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-1230831274-1854532264-3937569523-501. >se_access_check: user sid is S-1-5-21-1230831274-1854532264-3937569523-501 >se_access_check: also S-1-5-21-1230831274-1854532264-3937569523-514 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-32-546 >se_access_check: also S-1-5-21-1659004503-1957994488-839522115-1509 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >se_access_check: access (1) granted. >setting sec ctx (31305, 31305) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-1230831274-1854532264-3937569523-501 >contains 6 SIDs >SID[ 0]: S-1-5-21-1230831274-1854532264-3937569523-501 >SID[ 1]: S-1-5-21-1230831274-1854532264-3937569523-514 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-32-546 >SID[ 5]: S-1-5-21-1659004503-1957994488-839522115-1509 >UNIX token of user 31305 >Primary group is 31305 and contains 2 supplementary groups >Group[ 0]: 31305 >Group[ 1]: 31305 >change_to_user uid=(31305,31305) gid=(0,31305) >newvm-win2kpro1 (10.33.1.222) connect to service IPC$ initially as user guest (uid=31305, gid=31305) (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=IPC$ >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2 >smb_pid=65279 >smb_uid=102 >smb_mid=1920 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >write_socket(16,52) >write_socket(16,52) wrote 52 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 65 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1984 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[000] 3F 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 ?\.s.r.v .s.v.c.. >[010] 00 . >switch message SMBntcreateX (pid 11222) >setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >change_to_user uid=(39428,39428) gid=(0,31947) >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \srvsvc. >nt_open_pipe: Known pipe srvsvc opening. >Open pipe requested srvsvc (pipes_open=0) >Create pipe requested srvsvc >init_pipe_handles: created handle list for pipe srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc >Created internal pipe srvsvc (pipes_open=0) >Opened pipe srvsvc with handle 7582 (pipes_open=1) >open pipes: name srvsvc pnum=7582 >do_ntcreate_pipe_open: open pipe = \srvsvc >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=1984 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=33280 (0x8200) >smb_vwv[ 3]= 373 (0x175) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 66 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=2048 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30082 (0x7582) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 65 .\.P.I.P .E.\...e >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ >[030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná >[040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=7582 >pipe name srvsvc pnum=7582 (pipes_open=1) >Got API command 0x26 on pipe "srvsvc" (pnum 7582)api_fd_reply: p:0x422b0250 max_trans_reply: 1024 >write_to_pipe: 7582 name: srvsvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 849 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 990 >check_bind_req for \PIPE\srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\ntsvcs. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 7582 name: srvsvc len: 1024 >read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=2048 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE >[020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 67 of length 188 >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=2112 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30082 (0x7582) >smb_bcc=117 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 65 .\.P.I.P .E.\...e >[010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[020] 00 4C 00 00 00 00 00 10 00 AC E1 FA 03 0E 00 00 .L...... .¬áú.... >[030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h >[040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r >[050] 00 64 00 00 00 07 00 00 00 00 00 00 00 07 00 00 .d...... ........ >[060] 00 70 00 75 00 62 00 6C 00 69 00 63 00 00 00 00 .p.u.b.l .i.c.... >[070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=7582 >pipe name srvsvc pnum=7582 (pipes_open=1) >Got API command 0x26 on pipe "srvsvc" (pnum 7582)api_fd_reply: p:0x422b0250 max_trans_reply: 1024 >write_to_pipe: 7582 name: srvsvc open: Yes len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\srvsvc >api_rpcTNP: srvsvc op 0x10 - api_rpcTNP: rpc command: SRV_NET_SHARE_GET_INFO >api_rpc_cmds[7].fn == 0x80fa4b0 >000000 srv_io_q_net_share_get_info > 0000 ptr_srv_name: 03fae1ac > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000e > 0008 offset : 00000000 > 000c uni_str_len: 0000000e > 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... > 00002c smb_io_unistr2 > 002c uni_max_len: 00000007 > 0030 offset : 00000000 > 0034 uni_str_len: 00000007 > 0038 buffer : p.u.b.l.i.c... > 0048 info_level: 00000001 >_srv_net_share_get_info: 1391 >init_srv_r_net_share_get_info: 737 >init_srv_share_info1: public 0 >init_srv_share_info1_str >_srv_net_share_get_info: 1397 >000000 srv_io_r_net_share_get_info > 000000 srv_io_srv_share_info info > 0000 switch_value : 00000001 > 0004 ptr_share_ctr: 00000001 > 000008 srv_io_share_info1 > 0008 ptr_netname: 00000001 > 000c type : 00000000 > 0010 ptr_remark : 00000001 > 000014 srv_io_share_info1_str > 000014 smb_io_unistr2 > 0014 uni_max_len: 00000007 > 0018 offset : 00000000 > 001c uni_str_len: 00000007 > 0020 buffer : p.u.b.l.i.c... > 000030 smb_io_unistr2 > 0030 uni_max_len: 00000001 > 0034 offset : 00000000 > 0038 uni_str_len: 00000001 > 003c buffer : .. > 0040 status: WERR_OK >api_rpcTNP: called srvsvc successfully >free_pipe_context: destroying talloc pool of size 1066 >write_to_pipe: data_used = 84 >read_from_pipe: 7582 name: srvsvc len: 1024 >read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 68. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 005c > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000044 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..92] >size=148 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=2112 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 92 (0x5C) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=93 >[000] 00 05 00 02 03 10 00 00 00 5C 00 00 00 01 00 00 ........ .\...... >[010] 00 44 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .D...... ........ >[020] 00 01 00 00 00 00 00 00 00 01 00 00 00 07 00 00 ........ ........ >[030] 00 00 00 00 00 07 00 00 00 70 00 75 00 62 00 6C ........ .p.u.b.l >[040] 00 69 00 63 00 00 00 00 00 01 00 00 00 00 00 00 .i.c.... ........ >[050] 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >write_socket(16,152) >write_socket(16,152) wrote 152 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 68 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=2176 >smt_wct=3 >smb_vwv[ 0]=30082 (0x7582) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 11222) >change_to_user: Skipping user change - already user >search for pipe pnum=7582 >pipe name srvsvc pnum=7582 (pipes_open=1) >reply_pipe_close: pnum:7582 >close_policy_by_pipe: deleted handle list for pipe srvsvc >closed pipe name srvsvc pnum=7582 (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=2176 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 69 of length 104 >size=100 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=2240 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 5632 (0x1600) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=40704 (0x9F00) >smb_vwv[ 8]= 513 (0x201) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]=16384 (0x4000) >smb_vwv[20]=16384 (0x4000) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 256 (0x100) >smb_bcc=17 >[000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. >[010] 00 . >switch message SMBntcreateX (pid 11222) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >nt_open_pipe: Opening pipe \srvsvc. >nt_open_pipe: Known pipe srvsvc opening. >Open pipe requested srvsvc (pipes_open=0) >Create pipe requested srvsvc >init_pipe_handles: created handle list for pipe srvsvc >init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc >Created internal pipe srvsvc (pipes_open=0) >Opened pipe srvsvc with handle 7583 (pipes_open=1) >open pipes: name srvsvc pnum=7583 >do_ntcreate_pipe_open: open pipe = \srvsvc >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=2240 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=33536 (0x8300) >smb_vwv[ 3]= 373 (0x175) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 156 >got message type 0x0 of len 0x9c >Transaction 70 of length 160 >size=156 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=2304 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30083 (0x7583) >smb_bcc=89 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 65 .\.P.I.P .E.\...e >[010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... >[020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 .¸.¸.... ........ >[030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 .ÈO2Kp.Ó ..xZG¿ná >[040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. >[050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=72 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=7583 >pipe name srvsvc pnum=7583 (pipes_open=1) >Got API command 0x26 on pipe "srvsvc" (pnum 7583)api_fd_reply: p:0x41b6722c max_trans_reply: 1024 >write_to_pipe: 7583 name: srvsvc open: Yes len: 72 >write_to_pipe: data_left = 72 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 11, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 56 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >process_complete_pdu: processing packet type 11 >api_pipe_bind_req: decode request. 849 >api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs >000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_elements: 00000001 > 000c context_id : 0000 > 000e num_syntaxes: 01 > 00000f smb_io_rpc_iface > 000010 smb_io_uuid uuid > 0010 data : 4b324fc8 > 0014 data : 1670 > 0016 data : 01d3 > 0018 data : 12 78 > 001a data : 5a 47 bf 6e e1 88 > 0020 version: 00000003 > 000024 smb_io_rpc_iface > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >api_pipe_bind_req: make response. 990 >check_bind_req for \PIPE\srvsvc >000000 smb_io_rpc_hdr_ba > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\ntsvcs. > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 > 000020 smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >write_to_pipe: data_used = 56 >read_from_pipe: 7583 name: srvsvc len: 1024 >read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >copy_trans_params_and_data: params[0..0] data[0..68] >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=2304 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE >[020] 5C 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 \ntsvcs. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H >[040] 60 02 00 00 00 `.... >write_socket(16,128) >write_socket(16,128) wrote 128 >got smb length of 184 >got message type 0x0 of len 0xb8 >Transaction 71 of length 188 >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=2368 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 100 (0x64) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 84 (0x54) >smb_vwv[11]= 100 (0x64) >smb_vwv[12]= 84 (0x54) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=30083 (0x7583) >smb_bcc=117 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 65 .\.P.I.P .E.\...e >[010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... >[020] 00 4C 00 00 00 00 00 10 00 2C E1 FA 03 0E 00 00 .L...... .,áú.... >[030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 74 00 68 ........ .\.\.t.h >[040] 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 .u.n.d.e .r.b.i.r >[050] 00 64 00 00 00 07 00 00 00 00 00 00 00 07 00 00 .d...... ........ >[060] 00 70 00 75 00 62 00 6C 00 69 00 63 00 00 00 00 .p.u.b.l .i.c.... >[070] 00 01 00 00 00 ..... >switch message SMBtrans (pid 11222) >change_to_user: Skipping user change - already user >trans <\PIPE\> data=100 params=0 setup=2 >calling named_pipe >named pipe command on <> name >api_fd_reply >search for pipe pnum=7583 >pipe name srvsvc pnum=7583 (pipes_open=1) >Got API command 0x26 on pipe "srvsvc" (pnum 7583)api_fd_reply: p:0x41b6722c max_trans_reply: 1024 >write_to_pipe: 7583 name: srvsvc open: Yes len: 100 >write_to_pipe: data_left = 100 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 >fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >write_to_pipe: data_used = 16 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 >000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0064 > 000a auth_len : 0000 > 000c call_id : 00000001 >unmarshall_rpc_header: using little-endian RPC >unmarshall_rpc_header: type = 0, flags = 3 >write_to_pipe: data_used = 0 >write_to_pipe: data_left = 84 >process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 84, incoming data = 84 >process_complete_pdu: processing packet type 0 >000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000004c > 0004 context_id: 0000 > 0006 opnum : 0010 >free_pipe_context: destroying talloc pool of size 0 >Requested \PIPE\srvsvc >api_rpcTNP: srvsvc op 0x10 - api_rpcTNP: rpc command: SRV_NET_SHARE_GET_INFO >api_rpc_cmds[7].fn == 0x80fa4b0 >000000 srv_io_q_net_share_get_info > 0000 ptr_srv_name: 03fae12c > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000e > 0008 offset : 00000000 > 000c uni_str_len: 0000000e > 0010 buffer : \.\.t.h.u.n.d.e.r.b.i.r.d... > 00002c smb_io_unistr2 > 002c uni_max_len: 00000007 > 0030 offset : 00000000 > 0034 uni_str_len: 00000007 > 0038 buffer : p.u.b.l.i.c... > 0048 info_level: 00000001 >_srv_net_share_get_info: 1391 >init_srv_r_net_share_get_info: 737 >init_srv_share_info1: public 0 >init_srv_share_info1_str >_srv_net_share_get_info: 1397 >000000 srv_io_r_net_share_get_info > 000000 srv_io_srv_share_info info > 0000 switch_value : 00000001 > 0004 ptr_share_ctr: 00000001 > 000008 srv_io_share_info1 > 0008 ptr_netname: 00000001 > 000c type : 00000000 > 0010 ptr_remark : 00000001 > 000014 srv_io_share_info1_str > 000014 smb_io_unistr2 > 0014 uni_max_len: 00000007 > 0018 offset : 00000000 > 001c uni_str_len: 00000007 > 0020 buffer : p.u.b.l.i.c... > 000030 smb_io_unistr2 > 0030 uni_max_len: 00000001 > 0034 offset : 00000000 > 0038 uni_str_len: 00000001 > 003c buffer : .. > 0040 status: WERR_OK >api_rpcTNP: called srvsvc successfully >free_pipe_context: destroying talloc pool of size 1066 >write_to_pipe: data_used = 84 >read_from_pipe: 7583 name: srvsvc len: 1024 >read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 68. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 005c > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000044 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >copy_trans_params_and_data: params[0..0] data[0..92] >size=148 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=101 >smb_mid=2368 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 92 (0x5C) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=93 >[000] 00 05 00 02 03 10 00 00 00 5C 00 00 00 01 00 00 ........ .\...... >[010] 00 44 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .D...... ........ >[020] 00 01 00 00 00 00 00 00 00 01 00 00 00 07 00 00 ........ ........ >[030] 00 00 00 00 00 07 00 00 00 70 00 75 00 62 00 6C ........ .p.u.b.l >[040] 00 69 00 63 00 00 00 00 00 01 00 00 00 00 00 00 .i.c.... ........ >[050] 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >write_socket(16,152) >write_socket(16,152) wrote 152 >got smb length of 41 >got message type 0x0 of len 0x29 >Transaction 72 of length 45 >size=41 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=2432 >smt_wct=3 >smb_vwv[ 0]=30083 (0x7583) >smb_vwv[ 1]=65535 (0xFFFF) >smb_vwv[ 2]=65535 (0xFFFF) >smb_bcc=0 >switch message SMBclose (pid 11222) >change_to_user: Skipping user change - already user >search for pipe pnum=7583 >pipe name srvsvc pnum=7583 (pipes_open=1) >reply_pipe_close: pnum:7583 >close_policy_by_pipe: deleted handle list for pipe srvsvc >closed pipe name srvsvc pnum=7583 (pipes_open=0) >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=101 >smb_mid=2432 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 92 >got message type 0x0 of len 0x5c >Transaction 73 of length 96 >size=92 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=101 >smb_mid=2496 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=49 >[000] 00 5C 00 5C 00 54 00 48 00 55 00 4E 00 44 00 45 .\.\.T.H .U.N.D.E >[010] 00 52 00 42 00 49 00 52 00 44 00 5C 00 50 00 55 .R.B.I.R .D.\.P.U >[020] 00 42 00 4C 00 49 00 43 00 00 00 3F 3F 3F 3F 3F .B.L.I.C ...????? >[030] 00 . >switch message SMBtconX (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [PUBLIC] >making a connection to 'normal' service public >Finding user NORTHAMERICA\na_user5 >Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 >Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! >Connect path is '/public' for service [public] >get_share_security: using default secdesc for public >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. >se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >Initialising default vfs hooks >claiming public 0 >get_share_security: using default secdesc for public >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. >se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >change_to_user uid=(39428,39428) gid=(0,31947) >newvm-win2kpro1 (10.33.1.222) connect to service public initially as user NORTHAMERICA\na_user5 (uid=39428, gid=31947) (pid 11222) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=PUBLIC >size=54 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=65279 >smb_uid=101 >smb_mid=2496 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=13 >[000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... >write_socket(16,58) >write_socket(16,58) wrote 58 >got smb length of 76 >got message type 0x0 of len 0x4c >Transaction 74 of length 80 >size=76 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=2560 >smt_wct=15 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 8 (0x8) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=11 >[000] 00 54 00 EC 03 00 00 00 00 00 00 .T.ì.... ... >switch message SMBtrans2 (pid 11222) >setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >change_to_user uid=(39428,39428) gid=(0,31947) >vfs_ChDir to /public >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "" >unix_clean_name [] >conversion finished . -> . >is_in_path: . >is_in_path: no name list. >unix_clean_name [.] >call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 >dos_mode: . >is_in_path: . >is_in_path: no name list. >dos_mode returning d >SMB_QFBI - create: Thu Jan 8 19:01:22 2004 > access: Thu Jan 8 19:56:00 2004 > write: Thu Jan 8 19:01:22 2004 > change: Thu Jan 8 19:01:22 2004 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 75 of length 104 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=2624 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[000] 02 00 00 EC 03 00 00 00 00 5C 00 64 00 65 00 73 ...ì.... .\.d.e.s >[010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[020] 00 00 00 ... >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\desktop.ini" >unix_clean_name [/desktop.ini] >stat_cache_lookup: lookup failed for name [DESKTOP.INI] >unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >is_in_path: desktop.ini >is_in_path: no name list. >unix_clean_name [desktop.ini] >call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) >set_bad_path_error: err = 2 bad_path = 0 >error string = No such file or directory >error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=2624 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 76 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=2688 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 38 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .8...V.. .......\ >[010] 00 2A 00 00 00 .*... >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\*" >unix_clean_name [/*] >stat_cache_lookup: lookup failed for name [*] >unix_convert begin: name = *, dirpath = , start = * >is_mangled * ? >is_mangled_component * (len 1) ? >is_mangled * ? >is_mangled_component * (len 1) ? >New file * >is_in_path: * >is_in_path: no name list. >unix_clean_name [*] >dir=./, mask = * >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = *, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 1 >ms_fnmatch(*,.) -> 0 >dos_mode: ./. >is_in_path: ./. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./. fname=. >get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 2 >ms_fnmatch(*,.) -> 0 >dos_mode: ./.. >is_in_path: ./.. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./.. fname=.. >get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 3 >ms_fnmatch(*,test-test) -> 0 >dos_mode: ./test-test >is_in_path: ./test-test >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./test-test fname=test-test >name_map: test-test -> 454A1C96 -> TJ8432~U (cache=1) >get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 4 >ms_fnmatch(*,test.doc) -> 0 >dos_mode: ./test.doc >is_in_path: ./test.doc >is_in_path: no name list. >dos_mode returning a >get_lanman2_dir_entry found ./test.doc fname=test.doc >get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 5 >ms_fnmatch(*,New Folder) -> 0 >dos_mode: ./New Folder >is_in_path: ./New Folder >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./New Folder fname=New Folder >name_map: New Folder -> 6E19BE57 -> NUJRHW~7 (cache=1) >get_lanman2_dir_entry:readdir on dirptr 0x41b93ac4 now at offset 5 >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 536, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 536, paramsize = 10, datasize = 536 >write_socket(16,608) >write_socket(16,608) wrote 608 >SMBtrans2 mask=* directory=./ dirtype=22 numentries=5 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 77 of length 90 >size=86 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=2752 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 256 (0x100) >smb_vwv[ 8]= 4096 (0x1000) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 256 (0x100) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=3 >[000] 00 00 00 ... >switch message SMBntcreateX (pid 11222) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x100001, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "" >unix_clean_name [] >conversion finished . -> . >unix_mode(.) returning 0777 >allocated file structure 4233, fnum = 8329 (1 used) >open_directory: opening directory . >dos_mode: . >is_in_path: . >is_in_path: no name list. >dos_mode returning d >reply_ntcreate_and_X: fnum = 8329, open name = . >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=2752 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=35072 (0x8900) >smb_vwv[ 3]= 288 (0x120) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]=28013 (0x6D6D) >smb_vwv[ 7]=23772 (0x5CDC) >smb_vwv[ 8]=50134 (0xC3D6) >smb_vwv[ 9]=32769 (0x8001) >smb_vwv[10]= 5518 (0x158E) >smb_vwv[11]=25784 (0x64B8) >smb_vwv[12]=50134 (0xC3D6) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]=28013 (0x6D6D) >smb_vwv[15]=23772 (0x5CDC) >smb_vwv[16]=50134 (0xC3D6) >smb_vwv[17]= 1 (0x1) >smb_vwv[18]=28013 (0x6D6D) >smb_vwv[19]=23772 (0x5CDC) >smb_vwv[20]=50134 (0xC3D6) >smb_vwv[21]= 4097 (0x1001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 256 (0x100) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 78 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=2816 >smt_wct=23 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 8192 (0x2000) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 4 (0x4) >smb_vwv[19]= 23 (0x17) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 8329 (0x2089) >smb_vwv[22]= 0 (0x0) >smb_bcc=3 >[000] 26 00 80 &.. >switch message SMBnttrans (pid 11222) >change_to_user: Skipping user change - already user >reply_nttrans: setup_count = 8 >[000] 17 00 00 00 89 20 00 00 ..... .. >call_nt_transact_notify_change >kernel change notify on . (ntflags=0x17 flags=0x3e) fd=27 >call_nt_transact_notify_change: notify change called on directory name = . >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 79 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=2881 >smt_wct=23 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 8192 (0x2000) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 4 (0x4) >smb_vwv[19]= 3 (0x3) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 8329 (0x2089) >smb_vwv[22]= 1 (0x1) >smb_bcc=3 >[000] 26 00 80 &.. >switch message SMBnttrans (pid 11222) >change_to_user: Skipping user change - already user >reply_nttrans: setup_count = 8 >[000] 03 00 00 00 89 20 01 00 ..... .. >call_nt_transact_notify_change >kernel change notify on . (ntflags=0x3 flags=0x1e) fd=28 >call_nt_transact_notify_change: notify change called on directory name = . >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 80 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=2946 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 43 00 EF 03 .C.ï. >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >write_socket(16,92) >write_socket(16,92) wrote 92 >SMBtrans2 info_level = 1007 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 81 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=3010 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 43 00 EF 03 .C.ï. >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >write_socket(16,92) >write_socket(16,92) wrote 92 >SMBtrans2 info_level = 1007 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 82 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=3074 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 43 00 05 01 .C... >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >write_socket(16,80) >write_socket(16,80) wrote 80 >SMBtrans2 info_level = 261 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 83 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=3138 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 43 00 05 01 .C... >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >write_socket(16,80) >write_socket(16,80) wrote 80 >SMBtrans2 info_level = 261 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 84 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=3202 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 43 00 05 01 .C... >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >write_socket(16,80) >write_socket(16,80) wrote 80 >SMBtrans2 info_level = 261 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 85 of length 102 >size=98 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=3266 >smt_wct=15 >smb_vwv[ 0]= 30 (0x1E) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 30 (0x1E) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=33 >[000] 00 6E 00 EC 03 00 00 00 00 5C 00 4E 00 65 00 77 .n.ì.... .\.N.e.w >[010] 00 20 00 46 00 6F 00 6C 00 64 00 65 00 72 00 00 . .F.o.l .d.e.r.. >[020] 00 . >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\New Folder" >unix_clean_name [/New Folder] >stat_cache_lookup: lookup failed for name [NEW FOLDER] >stat_cache_add: Added entry NEW FOLDER -> New Folder >conversion finished New Folder -> New Folder >is_in_path: New Folder >is_in_path: no name list. >unix_clean_name [New Folder] >call_trans2qfilepathinfo New Folder (fnum = -1) level=1004 call=5 total_data=0 >dos_mode: New Folder >is_in_path: New Folder >is_in_path: no name list. >dos_mode returning d >SMB_QFBI - create: Thu Jan 8 19:01:22 2004 > access: Thu Jan 8 19:01:22 2004 > write: Thu Jan 8 19:01:22 2004 > change: Thu Jan 8 19:01:22 2004 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 98 >got message type 0x0 of len 0x62 >Transaction 86 of length 102 >size=98 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=3330 >smt_wct=15 >smb_vwv[ 0]= 30 (0x1E) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 30 (0x1E) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=33 >[000] 00 6E 00 EC 03 00 00 00 00 5C 00 4E 00 65 00 77 .n.ì.... .\.N.e.w >[010] 00 20 00 46 00 6F 00 6C 00 64 00 65 00 72 00 00 . .F.o.l .d.e.r.. >[020] 00 . >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\New Folder" >unix_clean_name [/New Folder] >stat_cache_lookup: lookup succeeded for name [NEW FOLDER] -> [New Folder] >is_in_path: New Folder >is_in_path: no name list. >unix_clean_name [New Folder] >call_trans2qfilepathinfo New Folder (fnum = -1) level=1004 call=5 total_data=0 >dos_mode: New Folder >is_in_path: New Folder >is_in_path: no name list. >dos_mode returning d >SMB_QFBI - create: Thu Jan 8 19:01:22 2004 > access: Thu Jan 8 19:01:22 2004 > write: Thu Jan 8 19:01:22 2004 > change: Thu Jan 8 19:01:22 2004 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 87 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=3394 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 43 00 05 01 .C... >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 261 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >write_socket(16,80) >write_socket(16,80) wrote 80 >SMBtrans2 info_level = 261 >got smb length of 106 >got message type 0x0 of len 0x6a >Transaction 88 of length 110 >size=106 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=3458 >smt_wct=15 >smb_vwv[ 0]= 38 (0x26) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 38 (0x26) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=41 >[000] 00 6E 00 EC 03 00 00 00 00 5C 00 4E 00 65 00 77 .n.ì.... .\.N.e.w >[010] 00 20 00 46 00 6F 00 6C 00 64 00 65 00 72 00 20 . .F.o.l .d.e.r. >[020] 00 28 00 32 00 29 00 00 00 .(.2.).. . >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\New Folder (2)" >unix_clean_name [/New Folder (2)] >stat_cache_lookup: lookup failed for name [NEW FOLDER (2)] >unix_convert begin: name = New Folder (2), dirpath = , start = New Folder (2) >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >New file New Folder (2) >is_in_path: New Folder (2) >is_in_path: no name list. >unix_clean_name [New Folder (2)] >call_trans2qfilepathinfo: SMB_VFS_STAT of New Folder (2) failed (No such file or directory) >set_bad_path_error: err = 2 bad_path = 0 >error string = No such file or directory >error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=3458 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 106 >got message type 0x0 of len 0x6a >Transaction 89 of length 110 >size=106 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=8 >smb_uid=101 >smb_mid=3522 >smt_wct=15 >smb_vwv[ 0]= 38 (0x26) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 38 (0x26) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=41 >[000] 00 6E 00 EC 03 00 00 00 00 5C 00 4E 00 65 00 77 .n.ì.... .\.N.e.w >[010] 00 20 00 46 00 6F 00 6C 00 64 00 65 00 72 00 20 . .F.o.l .d.e.r. >[020] 00 28 00 32 00 29 00 00 00 .(.2.).. . >switch message SMBtrans2 (pid 11222) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\New Folder (2)" >unix_clean_name [/New Folder (2)] >stat_cache_lookup: lookup failed for name [NEW FOLDER (2)] >unix_convert begin: name = New Folder (2), dirpath = , start = New Folder (2) >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >New file New Folder (2) >is_in_path: New Folder (2) >is_in_path: no name list. >unix_clean_name [New Folder (2)] >call_trans2qfilepathinfo: SMB_VFS_STAT of New Folder (2) failed (No such file or directory) >set_bad_path_error: err = 2 bad_path = 0 >error string = No such file or directory >error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=3 >smb_pid=8 >smb_uid=101 >smb_mid=3522 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 116 >got message type 0x0 of len 0x74 >Transaction 90 of length 120 >size=116 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=3 >smb_pid=1512 >smb_uid=101 >smb_mid=3586 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 7680 (0x1E00) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 256 (0x100) >smb_vwv[ 8]= 4096 (0x1000) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 512 (0x200) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 256 (0x100) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=33 >[000] 00 5C 00 4E 00 65 00 77 00 20 00 46 00 6F 00 6C .\.N.e.w . .F.o.l >[010] 00 64 00 65 00 72 00 20 00 28 00 32 00 29 00 00 .d.e.r. .(.2.).. >[020] 00 . >switch message SMBntcreateX (pid 11222) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x1 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x2 to 0x10 >map_share_mode: Mapped desired access 0x100001, share access 0x3, file attributes 0x80 to open_mode 0x40 >unix_convert called on file "\New Folder (2)" >unix_clean_name [/New Folder (2)] >stat_cache_lookup: lookup failed for name [NEW FOLDER (2)] >unix_convert begin: name = New Folder (2), dirpath = , start = New Folder (2) >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >New file New Folder (2) >unix_mode(New Folder (2)) returning 0777 >allocated file structure 4234, fnum = 8330 (2 used) >unix_mode(New Folder (2)) returning 0777 >--11222-- FATAL: unhandled syscall: 229 >--11222-- Do not panic. You may be able to fix this easily. >--11222-- Read the file README_MISSING_SYSCALL_OR_IOCTL. >==11222== >==11222== Valgrind detected that your program requires >==11222== the following unimplemented functionality: >==11222== no wrapper for the above system call >==11222== This may be because the functionality is hard to implement, >==11222== or because no reasonable program would behave this way, >==11222== or because nobody has yet needed it. In any case, let me know >==11222== (jseward@acm.org) and/or try to work around the problem, if you can. >==11222== >==11222== Valgrind has to exit now. Sorry. Bye! >==11222== > >sched status: > >Thread 1: status = Runnable, associated_mx = 0x0, associated_cv = 0x0 >==11222== at 0x420E45ED: syscall (in /lib/i686/libc-2.2.5.so) >==11222== by 0x40464C44: acl_get_file (acl_get_file.c:58) >==11222== by 0x80BF024: directory_has_default_acl (smbd/posix_acls.c:3374) >==11222== by 0x80B7BD4: vfswrap_mkdir (smbd/vfs-wrap.c:118) >==11222== by 0x80B6171: vfs_MkDir (smbd/vfs.c:357) >==11222== by 0x80B2CE3: open_directory (smbd/open.c:1308) >==11222== by 0x8095B2D: reply_ntcreate_and_X (smbd/nttrans.c:777) >==11222== by 0x80BFE38: switch_message (smbd/process.c:767) >==11222== by 0x80BFEDD: construct_reply (smbd/process.c:797) >==11222== by 0x80C01E6: process_smb (smbd/process.c:897) >==11222== by 0x80C0C53: smbd_process (smbd/process.c:1328) >==11222== by 0x81FB651: main (smbd/server.c:887) >==11222== by 0x42017498: __libc_start_main (in /lib/i686/libc-2.2.5.so) >==11222== by 0x8079590: (within /usr/local/samba/sbin/smbd) > >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >open_oplock_ipc: opening loopback UDP socket. >bind succeeded on port 0 >Linux kernel oplocks enabled >open_oplock ipc: pid = 11267, global_oplock_port = 45176 >Serverzone is 28800 >got smb length of 68 >got message type 0x81 of len 0x44 >Transaction 0 of length 72 >netbios connect: name1=THUNDERBIRD name2=NEWVM-WIN2KPRO1 >netbios connect: local=thunderbird remote=newvm-win2kpro1, name type = 0 >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >claiming 0 >init msg_type=0x81 msg_flags=0x0 >write_socket(16,4) >write_socket(16,4) wrote 4 >got smb length of 133 >got message type 0x0 of len 0x85 >Transaction 1 of length 137 >size=133 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51283 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=0 >smt_wct=0 >smb_bcc=98 >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >tdb(unnamed): tdb_brlock failed (fd=5) at offset 4 rw_type=1 lck_type=13: Resource temporarily unavailable >[000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG >[010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 >[020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for >open_oplock_ipc: opening loopback UDP socket. >[030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. >bind succeeded on port 0 >[040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM >[050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 >[060] 32 00 2. >Linux kernel oplocks enabled >open_oplock ipc: pid = 11268, global_oplock_port = 45177 >switch message SMBnegprot (pid 11267) >Serverzone is 28800 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Requested protocol [PC NETWORK PROGRAM 1.0] >Requested protocol [LANMAN1.0] >Requested protocol [Windows for Workgroups 3.1a] >Requested protocol [LM1.2X002] >Requested protocol [LANMAN2.1] >Requested protocol [NT LM 0.12] >set_remote_arch: Client arch is 'Win2K' >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >got smb length of 68 >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >got message type 0x81 of len 0x44 >Transaction 0 of length 72 >netbios connect: name1=THUNDERBIRD name2=NEWVM-WIN2KPRO1 >netbios connect: local=thunderbird remote=newvm-win2kpro1, name type = 0 >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >claiming 0 >getpeername failed. Error was Transport endpoint is not connected >init msg_type=0x81 msg_flags=0x0 >using SPNEGO >Selected protocol NT LM 0.12 >negprot index=5 >write_socket(16,4) >size=177 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >write_socket_data: write failure. Error = Connection reset by peer >write_socket(16,4) wrote -1 >write_socket: Error writing 4 bytes to socket 16: ERRNO = Connection reset by peer >smb_mid=0 >smt_wct=17 >smb_vwv[ 0]= 5 (0x5) >smb_vwv[ 1]=12803 (0x3203) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >Error writing 4 bytes to client. -1. (Connection reset by peer) >smb_vwv[ 7]= 768 (0x300) >smb_vwv[ 8]= 44 (0x2C) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]=32995 (0x80E3) >smb_vwv[11]=32896 (0x8080) >smb_vwv[12]=30696 (0x77E8) >smb_vwv[13]=25786 (0x64BA) >smb_vwv[14]=50134 (0xC3D6) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >smb_vwv[15]=57345 (0xE001) >smb_vwv[16]=27649 (0x6C01) >smb_bcc=108 >NT user token: (NULL) >[000] 74 68 75 6E 64 65 72 62 69 72 64 00 00 00 00 00 thunderb ird..... >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >[010] 60 5A 06 06 2B 06 01 05 05 02 A0 50 30 4E A0 24 `Z..+... .. P0N $ >[020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. ÷......* >[030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H.÷.... ..+..... >[040] 37 02 02 0A A3 26 30 24 A0 22 1B 20 74 68 75 6E 7...£&0$ ". thun >[050] 64 65 72 62 69 72 64 24 40 4E 4F 52 54 48 41 4D derbird$ @NORTHAM >[060] 45 52 49 43 41 2E 53 4E 41 50 51 41 ERICA.SN APQA >write_socket(16,181) >write_socket(16,181) wrote 181 >change_to_root_user: now uid=(0,0) gid=(0,0) >Closing connections >Yielding connection to >receive_local_message: doing select with timeout of 1 ms >got smb length of 198 >got message type 0x0 of len 0xc6 >Transaction 2 of length 202 >size=198 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=3648 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 198 (0xC6) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 66 (0x42) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=139 >Server exit (process_smb: send_smb failed.) >[000] 60 40 06 06 2B 06 01 05 05 02 A0 36 30 34 A0 0E `@..+... .. 604 . >[010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 22 0...+... ..7...¢" >[020] 04 20 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 . NTLMSS P....... >[030] 08 E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .à...... ........ >[040] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[050] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 >[060] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o >[070] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. >[080] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... >switch message SMBsesssetupX (pid 11267) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got OID 1 3 6 1 4 1 311 2 2 10 >Got secblob of size 32 >Making default auth method list for security=ADS >Attempting to register auth backend rhosts >Successfully added auth method 'rhosts' >Attempting to register auth backend hostsequiv >Successfully added auth method 'hostsequiv' >Attempting to register auth backend sam >Successfully added auth method 'sam' >Attempting to register auth backend sam_ignoredomain >Successfully added auth method 'sam_ignoredomain' >Attempting to register auth backend unix >Successfully added auth method 'unix' >Attempting to register auth backend winbind >Successfully added auth method 'winbind' >Attempting to register auth backend smbserver >Successfully added auth method 'smbserver' >Attempting to register auth backend trustdomain >Successfully added auth method 'trustdomain' >Attempting to register auth backend ntdomain >Successfully added auth method 'ntdomain' >Attempting to register auth backend guest >Successfully added auth method 'guest' >Attempting to register auth backend fixed_challenge >Successfully added auth method 'fixed_challenge' >Attempting to register auth backend name_to_ntstatus >Successfully added auth method 'name_to_ntstatus' >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match winbind:ntdomain >load_auth_module: Attempting to find an auth method to match ntdomain >load_auth_module: auth method ntdomain has a valid init >load_auth_module: auth method winbind has a valid init >Got NTLMSSP neg_flags=0xe0088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: module winbind did not want to specify a challenge >auth_context challenge created by random >challenge is: >[000] 6E F8 25 8B C7 DF 29 EC nø%.Çß)ì >write_socket(16,318) >write_socket(16,318) wrote 318 >got smb length of 322 >got message type 0x0 of len 0x142 >Transaction 3 of length 326 >size=322 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=3712 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 322 (0x142) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 190 (0xBE) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=263 >[000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM >[010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... >[020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... >[030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... >[040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. >[050] 6E 00 61 00 5F 00 75 00 73 00 65 00 72 00 35 00 n.a._.u. s.e.r.5. >[060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. >[070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 F9 B1 N.2.K.P. R.O.1.ù± >[080] C2 23 7F 60 B2 85 00 00 00 00 00 00 00 00 00 00 Â#.`²... ........ >[090] 00 00 00 00 00 00 9C 96 84 D5 B7 37 3D C4 E3 8D ........ .Õ·7=Äã. >[0A0] 25 64 0D 04 74 51 9D A8 6E BB 92 91 14 8E DE D1 %d..tQ.¨ n»....ÞÑ >[0B0] A2 F1 C5 2D BA 7E EA 7C 33 CC 3E A6 79 5F 00 57 ¢ñÅ-º~ê| 3Ì>¦y_.W >[0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 >[0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 >[0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. >[100] 00 30 00 00 00 00 00 .0..... >switch message SMBsesssetupX (pid 11267) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got user=[na_user5] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 >auth_context challenge set by NTLMSSP callback (NTLM2) >challenge is: >[000] 28 C6 1D 21 8D 44 82 39 (Æ.!.D.9 >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >make_user_info_map: Mapping user [NL]\[na_user5] from workstation [NEWVM-WIN2KPRO1] >Opening cache file at /usr/local/samba/var/locks/gencache.tdb >tdb(unnamed): tdb_brlock failed (fd=19) at offset 4 rw_type=1 lck_type=13: Resource temporarily unavailable >Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 > >no entry for trusted domain NL found. >attempting to make a user_info for na_user5 (na_user5) >making strings for na_user5's user_info struct >making blobs for na_user5's user_info struct >made an encrypted user_info for na_user5 (na_user5) >check_ntlm_password: Checking password for unmapped user [NL]\[na_user5]@[NEWVM-WIN2KPRO1] with the new password interface >check_ntlm_password: mapped user is: [NORTHAMERICA]\[na_user5]@[NEWVM-WIN2KPRO1] >check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >challenge is: >[000] 28 C6 1D 21 8D 44 82 39 (Æ.!.D.9 >check_ntlm_password: guest had nothing to say >is_myname("NORTHAMERICA") returns 0 >check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) >check_ntlm_password: sam had nothing to say >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > 000000 net_io_user_info3 > 0000 ptr_user_info : 00020004 > 000004 smb_io_time logon time > 0004 low : 1a92c9f0 > 0008 high: 01c3b092 > 00000c smb_io_time logoff time > 000c low : ffffffff > 0010 high: 7fffffff > 000014 smb_io_time kickoff time > 0014 low : ffffffff > 0018 high: 7fffffff > 00001c smb_io_time last set time > 001c low : 00000000 > 0020 high: 00000000 > 000024 smb_io_time can change time > 0024 low : 2a69c000 > 0028 high: 000000c9 > 00002c smb_io_time must change time > 002c low : ffffffff > 0030 high: 7fffffff > 000034 smb_io_unihdr hdr_user_name > 0034 uni_str_len: 0010 > 0036 uni_max_len: 0012 > 0038 buffer : 00020008 > 00003c smb_io_unihdr hdr_full_name > 003c uni_str_len: 0000 > 003e uni_max_len: 0000 > 0040 buffer : 00000000 > 000044 smb_io_unihdr hdr_logon_script > 0044 uni_str_len: 0000 > 0046 uni_max_len: 0000 > 0048 buffer : 00000000 > 00004c smb_io_unihdr hdr_profile_path > 004c uni_str_len: 0000 > 004e uni_max_len: 0000 > 0050 buffer : 00000000 > 000054 smb_io_unihdr hdr_home_dir > 0054 uni_str_len: 0000 > 0056 uni_max_len: 0000 > 0058 buffer : 00000000 > 00005c smb_io_unihdr hdr_dir_drive > 005c uni_str_len: 0000 > 005e uni_max_len: 0000 > 0060 buffer : 00000000 > 0064 logon_count : 0002 > 0066 bad_pw_count : 0000 > 0068 user_rid : 0000046e > 006c group_rid : 00000201 > 0070 num_groups : 00000002 > 0074 buffer_groups : 0002000c > 0078 user_flgs : 00000120 > 007c user_sess_key: 8f fb 57 47 8e de c9 e2 0a 73 4c 22 ce b2 f1 98 > 00008c smb_io_unihdr hdr_logon_srv > 008c uni_str_len: 001c > 008e uni_max_len: 001e > 0090 buffer : 00020010 > 000094 smb_io_unihdr hdr_logon_dom > 0094 uni_str_len: 0018 > 0096 uni_max_len: 001a > 0098 buffer : 00020014 > 009c buffer_dom_id : 00020018 > 00a0 padding : 00 00 00 00 00 00 00 00 79 bc 95 0f b2 dd 1e 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00c8 num_other_sids: 00000000 > 00cc buffer_other_sids: 00000000 > 0000d0 smb_io_unistr2 uni_user_name > 00d0 uni_max_len: 00000009 > 00d4 offset : 00000000 > 00d8 uni_str_len: 00000008 > 00dc buffer : n.a._.U.s.e.r.5. > 0000ec smb_io_unistr2 - NULL uni_full_name > 0000ec smb_io_unistr2 - NULL uni_logon_script > 0000ec smb_io_unistr2 - NULL uni_profile_path > 0000ec smb_io_unistr2 - NULL uni_home_dir > 0000ec smb_io_unistr2 - NULL uni_dir_drive > 00ec num_groups2 : 00000002 > 0000f0 smb_io_gid > 00f0 g_rid: 00000201 > 00f4 attr : 00000007 > 0000f8 smb_io_gid > 00f8 g_rid: 000023b8 > 00fc attr : 00000007 > 000100 smb_io_unistr2 uni_logon_srv > 0100 uni_max_len: 0000000f > 0104 offset : 00000000 > 0108 uni_str_len: 0000000e > 010c buffer : N.O.R.T.H.A.M.E.R.I.C.A.D.C. > 000128 smb_io_unistr2 uni_logon_dom > 0128 uni_max_len: 0000000d > 012c offset : 00000000 > 0130 uni_str_len: 0000000c > 0134 buffer : N.O.R.T.H.A.M.E.R.I.C.A. > 00014c smb_io_dom_sid2 > 014c num_auths: 00000004 > 000150 smb_io_dom_sid sid > 0150 sid_rev_num: 01 > 0151 num_auths : 04 > 0152 id_auth[0] : 00 > 0153 id_auth[1] : 00 > 0154 id_auth[2] : 00 > 0155 id_auth[3] : 00 > 0156 id_auth[4] : 00 > 0157 id_auth[5] : 05 > 0158 sub_auths : 00000015 a0fce684 da91cff4 ceb86ebb >Finding user NORTHAMERICA\na_user5 >Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 >Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! >fill_sam_account: located username was [NORTHAMERICA\na_user5] >pdb_set_username: setting username NORTHAMERICA\na_user5, was >element 11 -> now SET >pdb_set_full_name: setting full name na_User5, was >element 12 -> now SET >pdb_set_unix_homedir: setting home dir /home/NORTHAMERICA/na_user5, was NULL >element 21 -> now SET >pdb_set_domain: setting domain THUNDERBIRD, was >pdb_set_user_sid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 >element 17 -> now SET >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 from rid 79856 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_group_sid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 >element 18 -> now SET >pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 from rid 64895 >Home server: thunderbird >pdb_set_profile_path: setting profile path \\thunderbird\NORTHAMERICA\na_user5\profile, was >Home server: thunderbird >pdb_set_homedir: setting home dir \\thunderbird\NORTHAMERICA\na_user5, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >pdb_set_nt_username: setting nt username na_User5, was >pdb_set_username: setting username na_User5, was NORTHAMERICA\na_user5 >pdb_set_domain: setting domain NORTHAMERICA, was THUNDERBIRD >pdb_set_user_sid: setting user sid S-1-5-21-2700928644-3666989044-3468193467-1134 >pdb_set_group_sid: setting group sid S-1-5-21-2700928644-3666989044-3468193467-513 >pdb_set_full_name: setting full name , was na_User5 >pdb_set_logon_script: setting logon script , was >pdb_set_profile_path: setting profile path , was \\thunderbird\NORTHAMERICA\na_user5\profile >pdb_set_homedir: setting home dir , was \\thunderbird\NORTHAMERICA\na_user5 >pdb_set_dir_drive: setting dir drive , was >==11267== Syscall param write(buf) contains uninitialised or unaddressable byte(s) >==11267== at 0x420DACE4: __libc_write (in /lib/i686/libc-2.2.5.so) >==11267== by 0x81AAC6A: winbindd_send_request (nsswitch/wb_common.c:420) >==11267== by 0x81AAD16: winbindd_request (nsswitch/wb_common.c:468) >==11267== by 0x81A9C21: wb_getgroups (nsswitch/wb_client.c:253) >==11267== by 0x81D2D1A: get_user_groups (auth/auth_util.c:664) >==11267== by 0x81D3EBC: make_server_info_info3 (auth/auth_util.c:1177) >==11267== by 0x81CF87E: check_winbind_security (auth/auth_winbind.c:133) >==11267== by 0x81CD1E4: check_ntlm_password (auth/auth.c:255) >==11267== by 0x81D4DA5: auth_ntlmssp_check_password (auth/auth_ntlmssp.c:120) >==11267== by 0x80E81A5: ntlmssp_server_auth (libsmb/ntlmssp.c:664) >==11267== by 0x80E761A: ntlmssp_update (libsmb/ntlmssp.c:259) >==11267== by 0x81D50A9: auth_ntlmssp_update (auth/auth_ntlmssp.c:199) >==11267== by 0x80A4C9C: reply_spnego_auth (smbd/sesssetup.c:480) >==11267== by 0x80A4F47: reply_sesssetup_and_X_spnego (smbd/sesssetup.c:563) >==11267== by 0x80A516B: reply_sesssetup_and_X (smbd/sesssetup.c:645) >==11267== by 0x80BFE38: switch_message (smbd/process.c:767) >==11267== by 0x80BFEDD: construct_reply (smbd/process.c:797) >==11267== by 0x80C01E6: process_smb (smbd/process.c:897) >==11267== by 0x80C0C53: smbd_process (smbd/process.c:1328) >==11267== by 0x81FB651: main (smbd/server.c:887) >==11267== by 0x42017498: __libc_start_main (in /lib/i686/libc-2.2.5.so) >==11267== by 0x8079590: (within /usr/local/samba/sbin/smbd) >==11267== Address 0xBFFFD1FC is on thread 1's stack >get_user_groups: winbind_getgroups(NORTHAMERICA\na_user5): result = SUCCESS >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >gid_to_sid: winbindd 31947 -> S-1-5-21-2700928644-3666989044-3468193467-513 >gid_to_sid: winbindd 31956 -> S-1-5-21-2700928644-3666989044-3468193467-9144 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >check_ntlm_password: winbind authentication for user [na_user5] succeeded >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >check_ntlm_password: PAM Account for user [NORTHAMERICA\na_user5] succeeded >check_ntlm_password: authentication for user [na_user5] -> [na_user5] -> [NORTHAMERICA\na_user5] succeeded >attempting to free (and zero) a user_info structure >structure was created for na_user5 >Got NT session key of length 16 >Got LM session key of length 16 >ntlmssp_server_auth: Created NTLM2 session key. >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >register_vuid: allocated vuid = 100 >register_vuid: (39428,31947) NORTHAMERICA\na_user5 na_user5 NORTHAMERICA guest=0 >User name: NORTHAMERICA\na_user5 Real name: >UNIX uid 39428 is UNIX user NORTHAMERICA\na_user5, and will be vuid 100 >Adding/updating homes service for user 'NORTHAMERICA\na_user5' using home directory: '/home/NORTHAMERICA/na_user5' >lp_servicenumber: couldn't find homes >write_socket(16,136) >write_socket(16,136) wrote 136 >got smb length of 92 >got message type 0x0 of len 0x5c >Transaction 4 of length 96 >size=92 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=100 >smb_mid=3776 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=49 >[000] 00 5C 00 5C 00 54 00 48 00 55 00 4E 00 44 00 45 .\.\.T.H .U.N.D.E >[010] 00 52 00 42 00 49 00 52 00 44 00 5C 00 50 00 55 .R.B.I.R .D.\.P.U >[020] 00 42 00 4C 00 49 00 43 00 00 00 3F 3F 3F 3F 3F .B.L.I.C ...????? >[030] 00 . >switch message SMBtconX (pid 11267) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [PUBLIC] >making a connection to 'normal' service public >Finding user NORTHAMERICA\na_user5 >Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 >Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! >Connect path is '/public' for service [public] >get_share_security: using default secdesc for public >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. >se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >Initialising default vfs hooks >claiming public 0 >get_share_security: using default secdesc for public >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. >se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >change_to_user uid=(39428,39428) gid=(0,31947) >newvm-win2kpro1 (10.33.1.222) connect to service public initially as user NORTHAMERICA\na_user5 (uid=39428, gid=31947) (pid 11267) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=PUBLIC >size=54 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=3776 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=13 >[000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... >write_socket(16,58) >write_socket(16,58) wrote 58 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 5 of length 90 >size=86 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=3840 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 256 (0x100) >smb_vwv[ 8]= 4096 (0x1000) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 256 (0x100) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=3 >[000] 00 00 00 ... >switch message SMBntcreateX (pid 11267) >setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >change_to_user uid=(39428,39428) gid=(0,31947) >vfs_ChDir to /public >reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x100001, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "" >unix_clean_name [] >conversion finished . -> . >unix_mode(.) returning 0777 >allocated file structure 3493, fnum = 7589 (1 used) >open_directory: opening directory . >dos_mode: . >is_in_path: . >is_in_path: no name list. >dos_mode returning d >reply_ntcreate_and_X: fnum = 7589, open name = . >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=3840 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=42240 (0xA500) >smb_vwv[ 3]= 285 (0x11D) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]=28013 (0x6D6D) >smb_vwv[ 7]=23772 (0x5CDC) >smb_vwv[ 8]=50134 (0xC3D6) >smb_vwv[ 9]=32769 (0x8001) >smb_vwv[10]=30696 (0x77E8) >smb_vwv[11]=25786 (0x64BA) >smb_vwv[12]=50134 (0xC3D6) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]=28013 (0x6D6D) >smb_vwv[15]=23772 (0x5CDC) >smb_vwv[16]=50134 (0xC3D6) >smb_vwv[17]= 1 (0x1) >smb_vwv[18]=28013 (0x6D6D) >smb_vwv[19]=23772 (0x5CDC) >smb_vwv[20]=50134 (0xC3D6) >smb_vwv[21]= 4097 (0x1001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 256 (0x100) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 6 of length 90 >size=86 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=3905 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 256 (0x100) >smb_vwv[ 8]= 4096 (0x1000) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 512 (0x200) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 256 (0x100) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=3 >[000] 00 00 00 ... >switch message SMBntcreateX (pid 11267) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x1 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x2 to 0x10 >map_share_mode: Mapped desired access 0x100001, share access 0x3, file attributes 0x80 to open_mode 0x40 >unix_convert called on file "" >unix_clean_name [] >conversion finished . -> . >unix_mode(.) returning 0777 >allocated file structure 3494, fnum = 7590 (2 used) >freed files structure 7590 (1 used) >set_bad_path_error: err = 17 bad_path = 0 >error string = File exists >error packet at smbd/trans2.c(1811) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_COLLISION >size=35 >smb_com=0xa2 >smb_rcls=53 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=3905 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 7 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=3968 >smt_wct=23 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 8192 (0x2000) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 4 (0x4) >smb_vwv[19]= 23 (0x17) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 7589 (0x1DA5) >smb_vwv[22]= 0 (0x0) >smb_bcc=3 >[000] 00 34 00 .4. >switch message SMBnttrans (pid 11267) >change_to_user: Skipping user change - already user >reply_nttrans: setup_count = 8 >[000] 17 00 00 00 A5 1D 00 00 ....¥... >call_nt_transact_notify_change >kernel change notify on . (ntflags=0x17 flags=0x3e) fd=27 >call_nt_transact_notify_change: notify change called on directory name = . >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 8 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4034 >smt_wct=23 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 8192 (0x2000) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 4 (0x4) >smb_vwv[19]= 3 (0x3) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 7589 (0x1DA5) >smb_vwv[22]= 1 (0x1) >smb_bcc=3 >[000] 00 34 00 .4. >switch message SMBnttrans (pid 11267) >change_to_user: Skipping user change - already user >reply_nttrans: setup_count = 8 >[000] 03 00 00 00 A5 1D 01 00 ....¥... >call_nt_transact_notify_change >kernel change notify on . (ntflags=0x3 flags=0x1e) fd=28 >call_nt_transact_notify_change: notify change called on directory name = . >got smb length of 106 >got message type 0x0 of len 0x6a >Transaction 9 of length 110 >size=106 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=4097 >smt_wct=15 >smb_vwv[ 0]= 38 (0x26) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 38 (0x26) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=41 >[000] 05 00 00 EC 03 00 00 00 00 5C 00 4E 00 65 00 77 ...ì.... .\.N.e.w >[010] 00 20 00 46 00 6F 00 6C 00 64 00 65 00 72 00 20 . .F.o.l .d.e.r. >[020] 00 28 00 32 00 29 00 00 00 .(.2.).. . >switch message SMBtrans2 (pid 11267) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\New Folder (2)" >unix_clean_name [/New Folder (2)] >stat_cache_lookup: lookup failed for name [NEW FOLDER (2)] >unix_convert begin: name = New Folder (2), dirpath = , start = New Folder (2) >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >New file New Folder (2) >is_in_path: New Folder (2) >is_in_path: no name list. >unix_clean_name [New Folder (2)] >call_trans2qfilepathinfo: SMB_VFS_STAT of New Folder (2) failed (No such file or directory) >set_bad_path_error: err = 2 bad_path = 0 >error string = No such file or directory >error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=8 >smb_uid=100 >smb_mid=4097 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 116 >got message type 0x0 of len 0x74 >Transaction 10 of length 120 >size=116 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4161 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 7680 (0x1E00) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 256 (0x100) >smb_vwv[ 8]= 4096 (0x1000) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=32768 (0x8000) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 768 (0x300) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 512 (0x200) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 256 (0x100) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=33 >[000] 00 5C 00 4E 00 65 00 77 00 20 00 46 00 6F 00 6C .\.N.e.w . .F.o.l >[010] 00 64 00 65 00 72 00 20 00 28 00 32 00 29 00 00 .d.e.r. .(.2.).. >[020] 00 . >switch message SMBntcreateX (pid 11267) >change_to_user: Skipping user change - already user >reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x2 create_options = 0x1 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x2 to 0x10 >map_share_mode: Mapped desired access 0x100001, share access 0x3, file attributes 0x80 to open_mode 0x40 >unix_convert called on file "\New Folder (2)" >unix_clean_name [/New Folder (2)] >stat_cache_lookup: lookup failed for name [NEW FOLDER (2)] >unix_convert begin: name = New Folder (2), dirpath = , start = New Folder (2) >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >is_mangled New Folder (2) ? >is_mangled_component New Folder (2) (len 14) ? >New file New Folder (2) >unix_mode(New Folder (2)) returning 0777 >allocated file structure 3495, fnum = 7591 (2 used) >unix_mode(New Folder (2)) returning 0777 >--11267-- FATAL: unhandled syscall: 229 >--11267-- Do not panic. You may be able to fix this easily. >--11267-- Read the file README_MISSING_SYSCALL_OR_IOCTL. >==11267== >==11267== Valgrind detected that your program requires >==11267== the following unimplemented functionality: >==11267== no wrapper for the above system call >==11267== This may be because the functionality is hard to implement, >==11267== or because no reasonable program would behave this way, >==11267== or because nobody has yet needed it. In any case, let me know >==11267== (jseward@acm.org) and/or try to work around the problem, if you can. >==11267== >==11267== Valgrind has to exit now. Sorry. Bye! >==11267== > >sched status: > >Thread 1: status = Runnable, associated_mx = 0x0, associated_cv = 0x0 >==11267== at 0x420E45ED: syscall (in /lib/i686/libc-2.2.5.so) >==11267== by 0x40464C44: acl_get_file (acl_get_file.c:58) >==11267== by 0x80BF024: directory_has_default_acl (smbd/posix_acls.c:3374) >==11267== by 0x80B7BD4: vfswrap_mkdir (smbd/vfs-wrap.c:118) >==11267== by 0x80B6171: vfs_MkDir (smbd/vfs.c:357) >==11267== by 0x80B2CE3: open_directory (smbd/open.c:1308) >==11267== by 0x8095B2D: reply_ntcreate_and_X (smbd/nttrans.c:777) >==11267== by 0x80BFE38: switch_message (smbd/process.c:767) >==11267== by 0x80BFEDD: construct_reply (smbd/process.c:797) >==11267== by 0x80C01E6: process_smb (smbd/process.c:897) >==11267== by 0x80C0C53: smbd_process (smbd/process.c:1328) >==11267== by 0x81FB651: main (smbd/server.c:887) >==11267== by 0x42017498: __libc_start_main (in /lib/i686/libc-2.2.5.so) >==11267== by 0x8079590: (within /usr/local/samba/sbin/smbd) > >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >open_oplock_ipc: opening loopback UDP socket. >bind succeeded on port 0 >Linux kernel oplocks enabled >open_oplock ipc: pid = 11271, global_oplock_port = 45177 >Serverzone is 28800 >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >tdb(unnamed): tdb_brlock failed (fd=5) at offset 4 rw_type=1 lck_type=13: Resource temporarily unavailable >open_oplock_ipc: opening loopback UDP socket. >bind succeeded on port 0 >got smb length of 68 >Linux kernel oplocks enabled >open_oplock ipc: pid = 11272, global_oplock_port = 45178 >Serverzone is 28800 >got message type 0x81 of len 0x44 >Transaction 0 of length 72 >netbios connect: name1=THUNDERBIRD name2=NEWVM-WIN2KPRO1 >netbios connect: local=thunderbird remote=newvm-win2kpro1, name type = 0 >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >claiming 0 >init msg_type=0x81 msg_flags=0x0 >write_socket(16,4) >got smb length of 68 >write_socket(16,4) wrote 4 >got message type 0x81 of len 0x44 >got smb length of 133 >Transaction 0 of length 72 >got message type 0x0 of len 0x85 >Transaction 1 of length 137 >size=133 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51283 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=0 >smt_wct=0 >smb_bcc=98 >netbios connect: name1=THUNDERBIRD name2=NEWVM-WIN2KPRO1 >[000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG >netbios connect: local=thunderbird remote=newvm-win2kpro1, name type = 0 >[010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >[020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >[030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >[040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM >claiming 0 >[050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 >getpeername failed. Error was Transport endpoint is not connected >init msg_type=0x81 msg_flags=0x0 >[060] 32 00 2. >write_socket(16,4) >switch message SMBnegprot (pid 11271) >write_socket_data: write failure. Error = Connection reset by peer >write_socket(16,4) wrote -1 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >write_socket: Error writing 4 bytes to socket 16: ERRNO = Connection reset by peer >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >Error writing 4 bytes to client. -1. (Connection reset by peer) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Requested protocol [PC NETWORK PROGRAM 1.0] >change_to_root_user: now uid=(0,0) gid=(0,0) >Requested protocol [LANMAN1.0] >Requested protocol [Windows for Workgroups 3.1a] >Requested protocol [LM1.2X002] >Requested protocol [LANMAN2.1] >Requested protocol [NT LM 0.12] >set_remote_arch: Client arch is 'Win2K' >Closing connections >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 >Yielding connection to > >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >receive_local_message: doing select with timeout of 1 ms >Server exit (process_smb: send_smb failed.) >using SPNEGO >Selected protocol NT LM 0.12 >negprot index=5 >size=177 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=0 >smt_wct=17 >smb_vwv[ 0]= 5 (0x5) >smb_vwv[ 1]=12803 (0x3203) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 1792 (0x700) >smb_vwv[ 8]= 44 (0x2C) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]=32995 (0x80E3) >smb_vwv[11]=32896 (0x8080) >smb_vwv[12]=43285 (0xA915) >smb_vwv[13]=25787 (0x64BB) >smb_vwv[14]=50134 (0xC3D6) >smb_vwv[15]=57345 (0xE001) >smb_vwv[16]=27649 (0x6C01) >smb_bcc=108 >[000] 74 68 75 6E 64 65 72 62 69 72 64 00 00 00 00 00 thunderb ird..... >[010] 60 5A 06 06 2B 06 01 05 05 02 A0 50 30 4E A0 24 `Z..+... .. P0N $ >[020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. ÷......* >[030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H.÷.... ..+..... >[040] 37 02 02 0A A3 26 30 24 A0 22 1B 20 74 68 75 6E 7...£&0$ ". thun >[050] 64 65 72 62 69 72 64 24 40 4E 4F 52 54 48 41 4D derbird$ @NORTHAM >[060] 45 52 49 43 41 2E 53 4E 41 50 51 41 ERICA.SN APQA >write_socket(16,181) >write_socket(16,181) wrote 181 >got smb length of 198 >got message type 0x0 of len 0xc6 >Transaction 2 of length 202 >size=198 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=4224 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 198 (0xC6) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 66 (0x42) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=139 >[000] 60 40 06 06 2B 06 01 05 05 02 A0 36 30 34 A0 0E `@..+... .. 604 . >[010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 22 0...+... ..7...¢" >[020] 04 20 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 . NTLMSS P....... >[030] 08 E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .à...... ........ >[040] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[050] 00 20 00 32 00 30 00 30 00 30 00 20 00 32 00 31 . .2.0.0 .0. .2.1 >[060] 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 00 6F .9.5...W .i.n.d.o >[070] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. >[080] 00 35 00 2E 00 30 00 00 00 00 00 .5...0.. ... >switch message SMBsesssetupX (pid 11271) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got OID 1 3 6 1 4 1 311 2 2 10 >Got secblob of size 32 >Making default auth method list for security=ADS >Attempting to register auth backend rhosts >Successfully added auth method 'rhosts' >Attempting to register auth backend hostsequiv >Successfully added auth method 'hostsequiv' >Attempting to register auth backend sam >Successfully added auth method 'sam' >Attempting to register auth backend sam_ignoredomain >Successfully added auth method 'sam_ignoredomain' >Attempting to register auth backend unix >Successfully added auth method 'unix' >Attempting to register auth backend winbind >Successfully added auth method 'winbind' >Attempting to register auth backend smbserver >Successfully added auth method 'smbserver' >Attempting to register auth backend trustdomain >Successfully added auth method 'trustdomain' >Attempting to register auth backend ntdomain >Successfully added auth method 'ntdomain' >Attempting to register auth backend guest >Successfully added auth method 'guest' >Attempting to register auth backend fixed_challenge >Successfully added auth method 'fixed_challenge' >Attempting to register auth backend name_to_ntstatus >Successfully added auth method 'name_to_ntstatus' >load_auth_module: Attempting to find an auth method to match guest >load_auth_module: auth method guest has a valid init >load_auth_module: Attempting to find an auth method to match sam >load_auth_module: auth method sam has a valid init >load_auth_module: Attempting to find an auth method to match winbind:ntdomain >load_auth_module: Attempting to find an auth method to match ntdomain >load_auth_module: auth method ntdomain has a valid init >load_auth_module: auth method winbind has a valid init >Got NTLMSSP neg_flags=0xe0088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >auth_get_challenge: module guest did not want to specify a challenge >auth_get_challenge: module sam did not want to specify a challenge >auth_get_challenge: module winbind did not want to specify a challenge >auth_context challenge created by random >challenge is: >[000] 1D 2A 77 25 3E A0 09 0B .*w%> .. >write_socket(16,318) >write_socket(16,318) wrote 318 >got smb length of 322 >got message type 0x0 of len 0x142 >Transaction 3 of length 326 >size=322 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=0 >smb_mid=4288 >smt_wct=12 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 322 (0x142) >smb_vwv[ 2]=16644 (0x4104) >smb_vwv[ 3]= 50 (0x32) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 190 (0xBE) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 212 (0xD4) >smb_vwv[11]=32768 (0x8000) >smb_bcc=263 >[000] A1 81 BB 30 81 B8 A2 81 B5 04 81 B2 4E 54 4C 4D ¡.»0.¸¢. µ..²NTLM >[010] 53 53 50 00 03 00 00 00 18 00 18 00 72 00 00 00 SSP..... ....r... >[020] 18 00 18 00 8A 00 00 00 04 00 04 00 40 00 00 00 ........ ....@... >[030] 10 00 10 00 44 00 00 00 1E 00 1E 00 54 00 00 00 ....D... ....T... >[040] 10 00 10 00 A2 00 00 00 15 82 88 60 4E 00 4C 00 ....¢... ...`N.L. >[050] 6E 00 61 00 5F 00 75 00 73 00 65 00 72 00 35 00 n.a._.u. s.e.r.5. >[060] 4E 00 45 00 57 00 56 00 4D 00 2D 00 57 00 49 00 N.E.W.V. M.-.W.I. >[070] 4E 00 32 00 4B 00 50 00 52 00 4F 00 31 00 09 46 N.2.K.P. R.O.1..F >[080] F0 DB B7 D8 89 E6 00 00 00 00 00 00 00 00 00 00 ðÛ·Ø.æ.. ........ >[090] 00 00 00 00 00 00 7C AF D6 4A 31 41 0D 19 0B 58 ......|¯ ÖJ1A...X >[0A0] 63 22 1C CF B3 3F A0 54 E0 B0 82 90 91 E9 99 5B c".ϳ? T à°...é.[ >[0B0] D7 59 C3 EC 68 BB 5F 7F F5 EA 3B DB 15 9F 00 57 ×YÃìh»_. õê;Û...W >[0C0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 >[0D0] 00 30 00 30 00 30 00 20 00 32 00 31 00 39 00 35 .0.0.0. .2.1.9.5 >[0E0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[0F0] 00 20 00 32 00 30 00 30 00 30 00 20 00 35 00 2E . .2.0.0 .0. .5.. >[100] 00 30 00 00 00 00 00 .0..... >switch message SMBsesssetupX (pid 11271) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >wct=12 flg2=0xc807 >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >Doing spnego session setup >NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] >Got user=[na_user5] domain=[NL] workstation=[NEWVM-WIN2KPRO1] len1=24 len2=24 >auth_context challenge set by NTLMSSP callback (NTLM2) >challenge is: >[000] 9D 54 A6 7E 3F 95 27 B2 .T¦~?.'² >lp_file_list_changed() >file /etc/smb_shares.conf -> /etc/smb_shares.conf last mod_time: Wed Dec 31 16:00:00 1969 > >file /etc/smb.conf.perm -> /etc/smb.conf.perm last mod_time: Wed Dec 31 16:00:00 1969 > >file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jan 8 17:29:02 2004 > >make_user_info_map: Mapping user [NL]\[na_user5] from workstation [NEWVM-WIN2KPRO1] >Opening cache file at /usr/local/samba/var/locks/gencache.tdb >tdb(unnamed): tdb_brlock failed (fd=19) at offset 4 rw_type=1 lck_type=13: Resource temporarily unavailable >Returning expired cache entry: key = TDOM/NL, value = S-1-5-21-1202660629-1343024091-854245398, timeout = Thu Jan 8 16:41:20 2004 > >no entry for trusted domain NL found. >attempting to make a user_info for na_user5 (na_user5) >making strings for na_user5's user_info struct >making blobs for na_user5's user_info struct >made an encrypted user_info for na_user5 (na_user5) >check_ntlm_password: Checking password for unmapped user [NL]\[na_user5]@[NEWVM-WIN2KPRO1] with the new password interface >check_ntlm_password: mapped user is: [NORTHAMERICA]\[na_user5]@[NEWVM-WIN2KPRO1] >check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >challenge is: >[000] 9D 54 A6 7E 3F 95 27 B2 .T¦~?.'² >check_ntlm_password: guest had nothing to say >is_myname("NORTHAMERICA") returns 0 >check_samstrict_security: NORTHAMERICA is not one of my local names (ROLE_DOMAIN_MEMBER) >check_ntlm_password: sam had nothing to say >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > 000000 net_io_user_info3 > 0000 ptr_user_info : 00020004 > 000004 smb_io_time logon time > 0004 low : 1a92c9f0 > 0008 high: 01c3b092 > 00000c smb_io_time logoff time > 000c low : ffffffff > 0010 high: 7fffffff > 000014 smb_io_time kickoff time > 0014 low : ffffffff > 0018 high: 7fffffff > 00001c smb_io_time last set time > 001c low : 00000000 > 0020 high: 00000000 > 000024 smb_io_time can change time > 0024 low : 2a69c000 > 0028 high: 000000c9 > 00002c smb_io_time must change time > 002c low : ffffffff > 0030 high: 7fffffff > 000034 smb_io_unihdr hdr_user_name > 0034 uni_str_len: 0010 > 0036 uni_max_len: 0012 > 0038 buffer : 00020008 > 00003c smb_io_unihdr hdr_full_name > 003c uni_str_len: 0000 > 003e uni_max_len: 0000 > 0040 buffer : 00000000 > 000044 smb_io_unihdr hdr_logon_script > 0044 uni_str_len: 0000 > 0046 uni_max_len: 0000 > 0048 buffer : 00000000 > 00004c smb_io_unihdr hdr_profile_path > 004c uni_str_len: 0000 > 004e uni_max_len: 0000 > 0050 buffer : 00000000 > 000054 smb_io_unihdr hdr_home_dir > 0054 uni_str_len: 0000 > 0056 uni_max_len: 0000 > 0058 buffer : 00000000 > 00005c smb_io_unihdr hdr_dir_drive > 005c uni_str_len: 0000 > 005e uni_max_len: 0000 > 0060 buffer : 00000000 > 0064 logon_count : 0002 > 0066 bad_pw_count : 0000 > 0068 user_rid : 0000046e > 006c group_rid : 00000201 > 0070 num_groups : 00000002 > 0074 buffer_groups : 0002000c > 0078 user_flgs : 00000120 > 007c user_sess_key: 8f fb 57 47 8e de c9 e2 0a 73 4c 22 ce b2 f1 98 > 00008c smb_io_unihdr hdr_logon_srv > 008c uni_str_len: 001c > 008e uni_max_len: 001e > 0090 buffer : 00020010 > 000094 smb_io_unihdr hdr_logon_dom > 0094 uni_str_len: 0018 > 0096 uni_max_len: 001a > 0098 buffer : 00020014 > 009c buffer_dom_id : 00020018 > 00a0 padding : 00 00 00 00 00 00 00 00 79 bc 95 0f b2 dd 1e 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00c8 num_other_sids: 00000000 > 00cc buffer_other_sids: 00000000 > 0000d0 smb_io_unistr2 uni_user_name > 00d0 uni_max_len: 00000009 > 00d4 offset : 00000000 > 00d8 uni_str_len: 00000008 > 00dc buffer : n.a._.U.s.e.r.5. > 0000ec smb_io_unistr2 - NULL uni_full_name > 0000ec smb_io_unistr2 - NULL uni_logon_script > 0000ec smb_io_unistr2 - NULL uni_profile_path > 0000ec smb_io_unistr2 - NULL uni_home_dir > 0000ec smb_io_unistr2 - NULL uni_dir_drive > 00ec num_groups2 : 00000002 > 0000f0 smb_io_gid > 00f0 g_rid: 00000201 > 00f4 attr : 00000007 > 0000f8 smb_io_gid > 00f8 g_rid: 000023b8 > 00fc attr : 00000007 > 000100 smb_io_unistr2 uni_logon_srv > 0100 uni_max_len: 0000000f > 0104 offset : 00000000 > 0108 uni_str_len: 0000000e > 010c buffer : N.O.R.T.H.A.M.E.R.I.C.A.D.C. > 000128 smb_io_unistr2 uni_logon_dom > 0128 uni_max_len: 0000000d > 012c offset : 00000000 > 0130 uni_str_len: 0000000c > 0134 buffer : N.O.R.T.H.A.M.E.R.I.C.A. > 00014c smb_io_dom_sid2 > 014c num_auths: 00000004 > 000150 smb_io_dom_sid sid > 0150 sid_rev_num: 01 > 0151 num_auths : 04 > 0152 id_auth[0] : 00 > 0153 id_auth[1] : 00 > 0154 id_auth[2] : 00 > 0155 id_auth[3] : 00 > 0156 id_auth[4] : 00 > 0157 id_auth[5] : 05 > 0158 sub_auths : 00000015 a0fce684 da91cff4 ceb86ebb >Finding user NORTHAMERICA\na_user5 >Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 >Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! >fill_sam_account: located username was [NORTHAMERICA\na_user5] >pdb_set_username: setting username NORTHAMERICA\na_user5, was >element 11 -> now SET >pdb_set_full_name: setting full name na_User5, was >element 12 -> now SET >pdb_set_unix_homedir: setting home dir /home/NORTHAMERICA/na_user5, was NULL >element 21 -> now SET >pdb_set_domain: setting domain THUNDERBIRD, was >pdb_set_user_sid: setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 >element 17 -> now SET >pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1230831274-1854532264-3937569523-79856 from rid 79856 >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >pdb_set_group_sid: setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 >element 18 -> now SET >pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-1230831274-1854532264-3937569523-64895 from rid 64895 >Home server: thunderbird >pdb_set_profile_path: setting profile path \\thunderbird\NORTHAMERICA\na_user5\profile, was >Home server: thunderbird >pdb_set_homedir: setting home dir \\thunderbird\NORTHAMERICA\na_user5, was >pdb_set_dir_drive: setting dir drive , was NULL >pdb_set_logon_script: setting logon script , was >pdb_set_nt_username: setting nt username na_User5, was >pdb_set_username: setting username na_User5, was NORTHAMERICA\na_user5 >pdb_set_domain: setting domain NORTHAMERICA, was THUNDERBIRD >pdb_set_user_sid: setting user sid S-1-5-21-2700928644-3666989044-3468193467-1134 >pdb_set_group_sid: setting group sid S-1-5-21-2700928644-3666989044-3468193467-513 >pdb_set_full_name: setting full name , was na_User5 >pdb_set_logon_script: setting logon script , was >pdb_set_profile_path: setting profile path , was \\thunderbird\NORTHAMERICA\na_user5\profile >pdb_set_homedir: setting home dir , was \\thunderbird\NORTHAMERICA\na_user5 >pdb_set_dir_drive: setting dir drive , was >==11271== Syscall param write(buf) contains uninitialised or unaddressable byte(s) >==11271== at 0x420DACE4: __libc_write (in /lib/i686/libc-2.2.5.so) >==11271== by 0x81AAC6A: winbindd_send_request (nsswitch/wb_common.c:420) >==11271== by 0x81AAD16: winbindd_request (nsswitch/wb_common.c:468) >==11271== by 0x81A9C21: wb_getgroups (nsswitch/wb_client.c:253) >==11271== by 0x81D2D1A: get_user_groups (auth/auth_util.c:664) >==11271== by 0x81D3EBC: make_server_info_info3 (auth/auth_util.c:1177) >==11271== by 0x81CF87E: check_winbind_security (auth/auth_winbind.c:133) >==11271== by 0x81CD1E4: check_ntlm_password (auth/auth.c:255) >==11271== by 0x81D4DA5: auth_ntlmssp_check_password (auth/auth_ntlmssp.c:120) >==11271== by 0x80E81A5: ntlmssp_server_auth (libsmb/ntlmssp.c:664) >==11271== by 0x80E761A: ntlmssp_update (libsmb/ntlmssp.c:259) >==11271== by 0x81D50A9: auth_ntlmssp_update (auth/auth_ntlmssp.c:199) >==11271== by 0x80A4C9C: reply_spnego_auth (smbd/sesssetup.c:480) >==11271== by 0x80A4F47: reply_sesssetup_and_X_spnego (smbd/sesssetup.c:563) >==11271== by 0x80A516B: reply_sesssetup_and_X (smbd/sesssetup.c:645) >==11271== by 0x80BFE38: switch_message (smbd/process.c:767) >==11271== by 0x80BFEDD: construct_reply (smbd/process.c:797) >==11271== by 0x80C01E6: process_smb (smbd/process.c:897) >==11271== by 0x80C0C53: smbd_process (smbd/process.c:1328) >==11271== by 0x81FB651: main (smbd/server.c:887) >==11271== by 0x42017498: __libc_start_main (in /lib/i686/libc-2.2.5.so) >==11271== by 0x8079590: (within /usr/local/samba/sbin/smbd) >==11271== Address 0xBFFFD1FC is on thread 1's stack >get_user_groups: winbind_getgroups(NORTHAMERICA\na_user5): result = SUCCESS >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >gid_to_sid: winbindd 31947 -> S-1-5-21-2700928644-3666989044-3468193467-513 >gid_to_sid: winbindd 31956 -> S-1-5-21-2700928644-3666989044-3468193467-9144 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >check_ntlm_password: winbind authentication for user [na_user5] succeeded >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >check_ntlm_password: PAM Account for user [NORTHAMERICA\na_user5] succeeded >check_ntlm_password: authentication for user [na_user5] -> [na_user5] -> [NORTHAMERICA\na_user5] succeeded >attempting to free (and zero) a user_info structure >structure was created for na_user5 >Got NT session key of length 16 >Got LM session key of length 16 >ntlmssp_server_auth: Created NTLM2 session key. >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >register_vuid: allocated vuid = 100 >register_vuid: (39428,31947) NORTHAMERICA\na_user5 na_user5 NORTHAMERICA guest=0 >User name: NORTHAMERICA\na_user5 Real name: >UNIX uid 39428 is UNIX user NORTHAMERICA\na_user5, and will be vuid 100 >Adding/updating homes service for user 'NORTHAMERICA\na_user5' using home directory: '/home/NORTHAMERICA/na_user5' >lp_servicenumber: couldn't find homes >write_socket(16,136) >write_socket(16,136) wrote 136 >got smb length of 92 >got message type 0x0 of len 0x5c >Transaction 4 of length 96 >size=92 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=100 >smb_mid=4352 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 8 (0x8) >smb_vwv[ 3]= 1 (0x1) >smb_bcc=49 >[000] 00 5C 00 5C 00 54 00 48 00 55 00 4E 00 44 00 45 .\.\.T.H .U.N.D.E >[010] 00 52 00 42 00 49 00 52 00 44 00 5C 00 50 00 55 .R.B.I.R .D.\.P.U >[020] 00 42 00 4C 00 49 00 43 00 00 00 3F 3F 3F 3F 3F .B.L.I.C ...????? >[030] 00 . >switch message SMBtconX (pid 11271) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >Client requested device type [?????] for share [PUBLIC] >making a connection to 'normal' service public >Finding user NORTHAMERICA\na_user5 >Trying _Get_Pwnam(), username as lowercase is northamerica\na_user5 >Get_Pwnam_internals did find user [NORTHAMERICA\na_user5]! >Connect path is '/public' for service [public] >get_share_security: using default secdesc for public >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. >se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >Initialising default vfs hooks >claiming public 0 >get_share_security: using default secdesc for public >se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2700928644-3666989044-3468193467-1134. >se_access_check: user sid is S-1-5-21-2700928644-3666989044-3468193467-1134 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-513 >se_access_check: also S-1-1-0 >se_access_check: also S-1-5-2 >se_access_check: also S-1-5-11 >se_access_check: also S-1-5-21-2700928644-3666989044-3468193467-9144 >se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >se_access_check: access (2) granted. >setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >change_to_user uid=(39428,39428) gid=(0,31947) >newvm-win2kpro1 (10.33.1.222) connect to service public initially as user NORTHAMERICA\na_user5 (uid=39428, gid=31947) (pid 11271) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >tconX service=PUBLIC >size=54 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=65279 >smb_uid=100 >smb_mid=4352 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=13 >[000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... >write_socket(16,58) >write_socket(16,58) wrote 58 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 5 of length 90 >size=86 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4416 >smt_wct=24 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]=57054 (0xDEDE) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4096 (0x1000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 256 (0x100) >smb_vwv[ 8]= 4096 (0x1000) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 1792 (0x700) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 256 (0x100) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 256 (0x100) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 512 (0x200) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_bcc=3 >[000] 00 00 00 ... >switch message SMBntcreateX (pid 11271) >setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >change_to_user uid=(39428,39428) gid=(0,31947) >vfs_ChDir to /public >reply_ntcreateX: flags = 0x10, desired_access = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 root_dir_fid = 0x0 >map_create_disposition: Mapped create_disposition 0x1 to 0x1 >map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 >map_share_mode: Mapped desired access 0x100001, share access 0x7, file attributes 0x0 to open_mode 0x8040 >unix_convert called on file "" >unix_clean_name [] >conversion finished . -> . >unix_mode(.) returning 0777 >allocated file structure 3503, fnum = 7599 (1 used) >open_directory: opening directory . >dos_mode: . >is_in_path: . >is_in_path: no name list. >dos_mode returning d >reply_ntcreate_and_X: fnum = 7599, open name = . >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4416 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=44800 (0xAF00) >smb_vwv[ 3]= 285 (0x11D) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]=28013 (0x6D6D) >smb_vwv[ 7]=23772 (0x5CDC) >smb_vwv[ 8]=50134 (0xC3D6) >smb_vwv[ 9]=32769 (0x8001) >smb_vwv[10]=43285 (0xA915) >smb_vwv[11]=25787 (0x64BB) >smb_vwv[12]=50134 (0xC3D6) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]=28013 (0x6D6D) >smb_vwv[15]=23772 (0x5CDC) >smb_vwv[16]=50134 (0xC3D6) >smb_vwv[17]= 1 (0x1) >smb_vwv[18]=28013 (0x6D6D) >smb_vwv[19]=23772 (0x5CDC) >smb_vwv[20]=50134 (0xC3D6) >smb_vwv[21]= 4097 (0x1001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 256 (0x100) >smb_bcc=0 >write_socket(16,107) >write_socket(16,107) wrote 107 >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 6 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4480 >smt_wct=23 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 8192 (0x2000) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 4 (0x4) >smb_vwv[19]= 23 (0x17) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 7599 (0x1DAF) >smb_vwv[22]= 0 (0x0) >smb_bcc=3 >[000] 00 63 00 .c. >switch message SMBnttrans (pid 11271) >change_to_user: Skipping user change - already user >reply_nttrans: setup_count = 8 >[000] 17 00 00 00 AF 1D 00 00 ....¯... >call_nt_transact_notify_change >kernel change notify on . (ntflags=0x17 flags=0x3e) fd=27 >call_nt_transact_notify_change: notify change called on directory name = . >got smb length of 84 >got message type 0x0 of len 0x54 >Transaction 7 of length 88 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4545 >smt_wct=23 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 8192 (0x2000) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=21504 (0x5400) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 1024 (0x400) >smb_vwv[18]= 4 (0x4) >smb_vwv[19]= 3 (0x3) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]= 7599 (0x1DAF) >smb_vwv[22]= 1 (0x1) >smb_bcc=3 >[000] 00 63 00 .c. >switch message SMBnttrans (pid 11271) >change_to_user: Skipping user change - already user >reply_nttrans: setup_count = 8 >[000] 03 00 00 00 AF 1D 01 00 ....¯... >call_nt_transact_notify_change >kernel change notify on . (ntflags=0x3 flags=0x1e) fd=28 >call_nt_transact_notify_change: notify change called on directory name = . >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 8 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4610 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] FF FF 7F 16 00 56 05 06 00 04 01 00 00 00 00 5C ÿÿ...V.. .......\ >[010] 00 2A 00 00 00 .*... >switch message SMBtrans2 (pid 11271) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\*" >unix_clean_name [/*] >stat_cache_lookup: lookup failed for name [*] >unix_convert begin: name = *, dirpath = , start = * >is_mangled * ? >is_mangled_component * (len 1) ? >is_mangled * ? >is_mangled_component * (len 1) ? >New file * >is_in_path: * >is_in_path: no name list. >unix_clean_name [*] >dir=./, mask = * >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = *, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 1 >ms_fnmatch(*,.) -> 0 >dos_mode: ./. >is_in_path: ./. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./. fname=. >get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 2 >ms_fnmatch(*,.) -> 0 >dos_mode: ./.. >is_in_path: ./.. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./.. fname=.. >get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 3 >ms_fnmatch(*,test-test) -> 0 >dos_mode: ./test-test >is_in_path: ./test-test >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./test-test fname=test-test >name_map: test-test -> 454A1C96 -> TJ8432~U (cache=1) >get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 4 >ms_fnmatch(*,test.doc) -> 0 >dos_mode: ./test.doc >is_in_path: ./test.doc >is_in_path: no name list. >dos_mode returning a >get_lanman2_dir_entry found ./test.doc fname=test.doc >get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 5 >ms_fnmatch(*,New Folder) -> 0 >dos_mode: ./New Folder >is_in_path: ./New Folder >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./New Folder fname=New Folder >name_map: New Folder -> 6E19BE57 -> NUJRHW~7 (cache=1) >get_lanman2_dir_entry:readdir on dirptr 0x41f4e558 now at offset 5 >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 536, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 536, paramsize = 10, datasize = 536 >write_socket(16,608) >write_socket(16,608) wrote 608 >SMBtrans2 mask=* directory=./ dirtype=22 numentries=5 >got smb length of 76 >got message type 0x0 of len 0x4c >Transaction 9 of length 80 >size=76 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4674 >smt_wct=15 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 8 (0x8) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=11 >[000] 00 43 00 EC 03 00 00 00 00 00 00 .C.ì.... ... >switch message SMBtrans2 (pid 11271) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "" >unix_clean_name [] >conversion finished . -> . >is_in_path: . >is_in_path: no name list. >unix_clean_name [.] >call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 >dos_mode: . >is_in_path: . >is_in_path: no name list. >dos_mode returning d >SMB_QFBI - create: Thu Jan 8 19:01:22 2004 > access: Thu Jan 8 19:57:46 2004 > write: Thu Jan 8 19:01:22 2004 > change: Thu Jan 8 19:01:22 2004 > mode: 10 >t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 39 >got message type 0x0 of len 0x27 >Transaction 10 of length 43 >size=39 >smb_com=0x74 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=0 >smb_pid=65279 >smb_uid=102 >smb_mid=4738 >smt_wct=2 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_bcc=0 >switch message SMBulogoffX (pid 11271) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >NT user token: (NULL) >UNIX token of user 0 >Primary group is 0 and contains 0 supplementary groups >change_to_root_user: now uid=(0,0) gid=(0,0) >ulogoff, vuser id 102 does not map to user. >ulogoffX vuid=102 >size=39 >smb_com=0x74 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=65279 >smb_uid=102 >smb_mid=4738 >smt_wct=2 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_bcc=0 >write_socket(16,43) >write_socket(16,43) wrote 43 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 11 of length 104 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4802 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[000] 05 00 00 EC 03 00 00 00 00 5C 00 64 00 65 00 73 ...ì.... .\.d.e.s >[010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[020] 00 00 00 ... >switch message SMBtrans2 (pid 11271) >setting sec ctx (39428, 31947) - sec_ctx_stack_ndx = 0 >NT user token of user S-1-5-21-2700928644-3666989044-3468193467-1134 >contains 6 SIDs >SID[ 0]: S-1-5-21-2700928644-3666989044-3468193467-1134 >SID[ 1]: S-1-5-21-2700928644-3666989044-3468193467-513 >SID[ 2]: S-1-1-0 >SID[ 3]: S-1-5-2 >SID[ 4]: S-1-5-11 >SID[ 5]: S-1-5-21-2700928644-3666989044-3468193467-9144 >UNIX token of user 39428 >Primary group is 31947 and contains 2 supplementary groups >Group[ 0]: 31947 >Group[ 1]: 31956 >change_to_user uid=(39428,39428) gid=(0,31947) >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\desktop.ini" >unix_clean_name [/desktop.ini] >stat_cache_lookup: lookup failed for name [DESKTOP.INI] >unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >is_in_path: desktop.ini >is_in_path: no name list. >unix_clean_name [desktop.ini] >call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) >set_bad_path_error: err = 2 bad_path = 0 >error string = No such file or directory >error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4802 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 12 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4866 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 38 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .8...V.. .......\ >[010] 00 2A 00 00 00 .*... >switch message SMBtrans2 (pid 11271) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\*" >unix_clean_name [/*] >stat_cache_lookup: lookup failed for name [*] >unix_convert begin: name = *, dirpath = , start = * >is_mangled * ? >is_mangled_component * (len 1) ? >is_mangled * ? >is_mangled_component * (len 1) ? >New file * >is_in_path: * >is_in_path: no name list. >unix_clean_name [*] >dir=./, mask = * >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = *, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 1 >ms_fnmatch(*,.) -> 0 >dos_mode: ./. >is_in_path: ./. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./. fname=. >get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 2 >ms_fnmatch(*,.) -> 0 >dos_mode: ./.. >is_in_path: ./.. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./.. fname=.. >get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 3 >ms_fnmatch(*,test-test) -> 0 >dos_mode: ./test-test >is_in_path: ./test-test >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./test-test fname=test-test >name_map: test-test -> 454A1C96 -> TJ8432~U (cache=1) >get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 4 >ms_fnmatch(*,test.doc) -> 0 >dos_mode: ./test.doc >is_in_path: ./test.doc >is_in_path: no name list. >dos_mode returning a >get_lanman2_dir_entry found ./test.doc fname=test.doc >get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 5 >ms_fnmatch(*,New Folder) -> 0 >dos_mode: ./New Folder >is_in_path: ./New Folder >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./New Folder fname=New Folder >name_map: New Folder -> 6E19BE57 -> NUJRHW~7 (cache=1) >get_lanman2_dir_entry:readdir on dirptr 0x41b8476c now at offset 5 >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 536, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 536, paramsize = 10, datasize = 536 >write_socket(16,608) >write_socket(16,608) wrote 608 >SMBtrans2 mask=* directory=./ dirtype=22 numentries=5 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 13 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4930 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 43 00 EF 03 .C.ï. >switch message SMBtrans2 (pid 11271) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >write_socket(16,92) >write_socket(16,92) wrote 92 >SMBtrans2 info_level = 1007 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 14 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=4994 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 43 00 EF 03 .C.ï. >switch message SMBtrans2 (pid 11271) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >write_socket(16,92) >write_socket(16,92) wrote 92 >SMBtrans2 info_level = 1007 >got smb length of 100 >got message type 0x0 of len 0x64 >Transaction 15 of length 104 >size=100 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=5058 >smt_wct=15 >smb_vwv[ 0]= 32 (0x20) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 2 (0x2) >smb_vwv[ 3]= 40 (0x28) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 32 (0x20) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=35 >[000] 00 20 00 EC 03 00 00 00 00 5C 00 64 00 65 00 73 . .ì.... .\.d.e.s >[010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i >[020] 00 00 00 ... >switch message SMBtrans2 (pid 11271) >change_to_user: Skipping user change - already user >call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >unix_convert called on file "\desktop.ini" >unix_clean_name [/desktop.ini] >stat_cache_lookup: lookup failed for name [DESKTOP.INI] >unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >is_mangled desktop.ini ? >is_mangled_component desktop.ini (len 11) ? >New file desktop.ini >is_in_path: desktop.ini >is_in_path: no name list. >unix_clean_name [desktop.ini] >call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) >set_bad_path_error: err = 2 bad_path = 0 >error string = No such file or directory >error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND >size=35 >smb_com=0x32 >smb_rcls=52 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51265 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=5058 >smt_wct=0 >smb_bcc=0 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 86 >got message type 0x0 of len 0x56 >Transaction 16 of length 90 >size=86 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=5122 >smt_wct=15 >smb_vwv[ 0]= 18 (0x12) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]=16384 (0x4000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 18 (0x12) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 1 (0x1) >smb_bcc=21 >[000] 00 38 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .8...V.. .......\ >[010] 00 2A 00 00 00 .*... >switch message SMBtrans2 (pid 11271) >change_to_user: Skipping user change - already user >call_trans2findfirst: dirtype = 22, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 260, max_data_bytes = 16384 >unix_convert called on file "\*" >unix_clean_name [/*] >stat_cache_lookup: lookup failed for name [*] >unix_convert begin: name = *, dirpath = , start = * >is_mangled * ? >is_mangled_component * (len 1) ? >is_mangled * ? >is_mangled_component * (len 1) ? >New file * >is_in_path: * >is_in_path: no name list. >unix_clean_name [*] >dir=./, mask = * >start_dir dir=./ >is_in_path: ./ >is_in_path: no name list. >unix_clean_name [./] >is_in_path: test-test >is_in_path: no name list. >is_in_path: test.doc >is_in_path: no name list. >is_in_path: New Folder >is_in_path: no name list. >creating new dirptr 256 for path ./, expect_close = 1 >dptr_num is 256, wcard = *, attr = 22 >dirpath=<./> dontdescend=<> >get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 1 >ms_fnmatch(*,.) -> 0 >dos_mode: ./. >is_in_path: ./. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./. fname=. >get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 2 >ms_fnmatch(*,.) -> 0 >dos_mode: ./.. >is_in_path: ./.. >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./.. fname=.. >get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 3 >ms_fnmatch(*,test-test) -> 0 >dos_mode: ./test-test >is_in_path: ./test-test >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./test-test fname=test-test >name_map: test-test -> 454A1C96 -> TJ8432~U (cache=1) >get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 4 >ms_fnmatch(*,test.doc) -> 0 >dos_mode: ./test.doc >is_in_path: ./test.doc >is_in_path: no name list. >dos_mode returning a >get_lanman2_dir_entry found ./test.doc fname=test.doc >get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 5 >ms_fnmatch(*,New Folder) -> 0 >dos_mode: ./New Folder >is_in_path: ./New Folder >is_in_path: no name list. >dos_mode returning d >get_lanman2_dir_entry found ./New Folder fname=New Folder >name_map: New Folder -> 6E19BE57 -> NUJRHW~7 (cache=1) >get_lanman2_dir_entry:readdir on dirptr 0x41b41eb0 now at offset 5 >call_trans2findfirst - (2) closing dptr_num 256 >closing dptr key 256 >t2_rep: params_sent_thistime = 10, data_sent_thistime = 536, useable_space = 131010 >t2_rep: params_to_send = 10, data_to_send = 536, paramsize = 10, datasize = 536 >write_socket(16,608) >write_socket(16,608) wrote 608 >SMBtrans2 mask=* directory=./ dirtype=22 numentries=5 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 17 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=5186 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 43 00 EF 03 .C.ï. >switch message SMBtrans2 (pid 11271) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >write_socket(16,92) >write_socket(16,92) wrote 92 >SMBtrans2 info_level = 1007 >got smb length of 70 >got message type 0x0 of len 0x46 >Transaction 18 of length 74 >size=70 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=24 >smb_flg2=51207 >smb_tid=1 >smb_pid=1512 >smb_uid=100 >smb_mid=5250 >smt_wct=15 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 560 (0x230) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 2 (0x2) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 3 (0x3) >smb_bcc=5 >[000] 00 43 00 EF 03 .C.ï. >switch message SMBtrans2 (pid 11271) >change_to_user: Skipping user change - already user >call_trans2qfsinfo: level = 1007 >call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=9432320, cUnitAvail=8133376 >t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 >t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 >write_socket(16,92) >write_socket(16,92) wrote 92 >SMBtrans2 info_level = 1007
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 954
: 356